Back When It Was “PC Anywhere”
Thinking back to the 90s as the Internet was learning to crawl, it’s amusing how easy it was to expose a computer on the Internet to the World. If you were lucky enough to have an Ethernet connection in your dorm room or office, your PC could be reached from anywhere on the Internet. If you needed remote access to your computer you could run a telnet server or VNC on your computer. If you were running Windows you could share your local filesystem via TCP/IP. Almost magically, you could type \\YOUR-IP\c$ on another Internet-connected Windows computer to gain easy access to your 1GB hard drive. These were certainly the times of “PC Anywhere”.
The Internet Age of Innocence Ends
Fast forward through years of Windows exploits and the arrival of consumer broadband, when Network Address Translation (NAT) became a somewhat safer alternative by allowing a broadband subscriber to attach multiple devices to the Internet via non-routable IPs hidden behind a single IP address. Putting a server on the Internet required a little port-forwarding knowledge, and some work, to secure a static IP.
Not From Our Network
To meet rising demand for digital services and rising bandwidth costs, many companies and organizations turned to third-party hosting or colocation services to serve Internet applications. This approach lowered bandwidth and data center costs, but did little to address the costs associated with configuring, managing, securing, and maintaining routers, switches, servers, and storage systems. This approach significantly raised the barrier-to-entry to expose a computer to the Internet while providing enterprises with control over their infrastructure and how it was deployed.
Along Comes The Cloud
The cloud, along with virtualization and a software-eats-the-world mentality, turned IT infrastructure into an application. A budding web startup no longer had to procure, deploy and manage thousands of dollars in hardware. Enterprises gained a new tool that increased agility by making it easy to utilize ephemeral workloads and deep compute, network, and storage capacity on a pay-for-what-you-use model. The barrier for exposing a server to the Internet that went up in the previous decade dropped significantly. With the entry of a credit card and click of a checkbox, a virtual server is placed on the public Internet. In seconds, a user can now create entire virtual networks consisting of subnets that automatically dole out public IPs to newly provisioned servers. Other users use these networks and deploy their own servers without having to worry about pesky details like IP addresses or whether or not the server is Internet-facing.
Server Anywhere Means Security Risk
With cloud computing we’re facing a security situation similar to the “PC Anywhere” days. A new server can be deployed on the Internet in a few minutes without leaving one’s chair and with no regard to security, enterprise policies, or corporate governance. From a network view, the server might as well be deployed in a 90s dorm room or in a corporate network DMZ.
Control the Delivery
I often hear enterprises say: “We’re going to the cloud and don’t need CloudBolt — with a little training and access to AWS console, our users will be just fine.” This is no different than issuing keycards to the same group of users, and letting them into the physical datacenter. Cloud Computing is a phenomenal development for IT infrastructure and service delivery, but this delivery shouldn’t be left to the individual user. What’s needed is curated access to pre-defined, vetted, and configured infrastructure that can be delivered immediately upon end-user request. Based on user intent and upon request, new servers should be delivered to logical clouds according to their function and with assurances that the appropriate policies governing these resources are in place.
CloudBolt fills this need with its cloud delivery and orchestration platform. Sitting between the cloud provider and end-user, CloudBolt gives enterprise IT the ability to make sure user-deployed servers aren’t accidentally deployed to the public Internet. CloudBolt arms cloud operations teams with the ability to mask dangerous options, and restores IT’s ability to control which assets get exposed to the World.