[00:00:36] Camille Morhardt: Hi, and welcome to today’s episode of Cyber Security Inside What That Means: The Cloud. I’m really looking forward to this conversation today with Monica Ene-Pietrosanu, she’s Director of Software for Cloud and Enterprise Solutions at Intel. Welcome to the show Monica.
[00:00:55] Monica Ene-Pietrosanu: Hi, Camille. Thank you. Thank you for having me today.
[00:00:57] Camille Morhardt: I’m really looking forward to this conversation because the word “cloud” is so incredibly broad. I think that we’ll probably start broad and then narrow in on some stuff as we start hitting on the intersection with security, acceleration, and whatnot. But, I do want to start with what is the cloud? I still think a lot of people go around saying cloud and maybe just don’t really know what it means. Could you define it for us briefly?
[00:01:27] Monica Ene-Pietrosanu: Yeah, absolutely. Simply put, cloud computing is the delivery of computing services over the internet, without the user needing to know the physical location or configuration of the hardware that delivers your applications for email, or storage servers, or databases.
[00:01:48] Camille Morhardt: Do you know how it got the name cloud?
[00:01:50] Monica Ene-Pietrosanu: I actually don’t know. There are discussions about building a sky above the cloud, which is going to get the clouds to interrupt. I think it’s pretty much the change of the computing model from the mainframes in a room to PCs on every desk, in every house, like Bill Gates’s vision was, to actually moving the compute capabilities in a centralized location and abstracting that as a cloud. You don’t see what’s there, you don’t know the physical location, you don’t know the configuration, you just enjoy the services.
[00:02:28] Camille Morhardt: So where are clouds and what are they? I think of them as a whole bunch of servers sitting somewhere together in some possibly remote location where energy is cheap because they cost a lot of money to cool.
[00:02:44] Monica Ene-Pietrosanu: In the United States, companies like Microsoft, Amazon, Google, Facebook, IBM, Oracle and Apple have morphed into what we call hyper-scale data centers. Across the world, specifically in the Republic of China, companies like Alibaba, Baidu, Tencent have done the same. And what does hyperscaler mean? According to the market intelligence company called International Data Corporation or IDC, a data center is generally defined as “hyperscale” when it exceeds 5,000 servers and 10,000 feet. That is a huge scale; it definitely brings a significant amount of control, huge efficiencies, and also huge responsibilities.
[00:03:35] Camille Morhardt: These data centers are all over the world because it reduces latency. We still have this problem if every data center were in one location–I mean, aside from kind of physical risks if there were a fire or an earthquake or something; but the closer the data center is to you the faster you are able to get your data, is that correct?
[00:03:57] Monica Ene-Pietrosanu: Absolutely. Latency is an important aspect and that’s why all of these data centers are geo-distributed. Each of the hyperscalers offers multiple zones of accessing the resources. Right now the closest you are yes, and that’s what also drives the emergence of what we call the edge, where we are bringing compute closer to the user. And that’s, let’s say, the new evolution that goes beyond the cloud to where there are servers–mini-data centers–being set up closer to the users, whether it’s your car, your phone, your mobile, your device considered to be as a user, and you don’t need to go back to the cloud. And many computations can happen closer to the edge. So this cloud computing moving closer to the user is another trend that is complementary to all the move to the cloud.
[00:04:52] Camille Morhardt: You’re saying actually creating mini servers that are then closer rather than moving the compute to the device necessarily. You’re saying the compute will be on a server that’s closer to you at your local intersection or on your block, or in your parking garage, or at your factory or something.
[00:05:09] Monica Ene-Pietrosanu: If it’s about your car, you probably have a data center that’s closer to the neighborhood or the city you are in. If it’s about your phone mobile device, pretty much the same. So smaller data centers placed closer to the users.
[00:05:23] Camille Morhardt: Interesting. It’s like distributed cloud. Okay. I have another basic question. Let’s say you take a picture and put it on one of the mini public clouds offered in the United States, and now you want to access your picture. What exactly is happening? How do you see the picture you want? How are you looking at it on your phone? And when you press “click” to download it or forward it, or look at it again what is actually happening behind the scenes to get that to you?
[00:05:59] Monica Ene-Pietrosanu: Lots of things happening behind the scenes for you. And it’s so cool that you have a huge amount of storage, right? This massive amount of data that can be stored, that’s one of the advantages of the cloud. Because the cloud enables you to scale up, scale down and this way you can actually focus on what you need to have done, downloading your picture. Don’t worry that you’re running out of space.
So what’s happening? You store your picture with one of the cloud service providers. And when you want to look at it, you bring it down on your mobile phone or your laptop, and then that means it’s coming down the wire to your computer. Then once you looked at it, you edited it and you want to send it further, there is some processing you do locally that may be actually cloud services that you involve so that your picture is edited. And then you can send it over to either another user, and that has to go through another cloud service, or to another application that also goes through the cloud.
So everything happens through the cloud. The amount of processing that happens on your devices is quite limited and also the amount of storage. And this ability to scale is what makes the cloud so attractive and brings a lot of innovation in terms of services to process your picture and also artificial intelligence (AI) based algorithms that enhance your ability to create great value added.
[00:07:27] Camille Morhardt: Yeah. I want to talk about scale from the enterprise sense, too, but I’m going to pause because I still want to know, how does the picture find its way to you? There’s an address?
[00:07:37] Monica Ene-Pietrosanu: There is an address, an IP address. It’s basic concept of client and server, right? If you consider the server being in the cloud, now you don’t see, you don’t know what it is, you don’t have the hardware capability of it. It’s coming from the server to the client, which is your local machine or your mobile phone. Then you can have a subset of the services run on your mobile phone, on your IP address.
[00:08:02] Camille Morhardt: Okay. Can we talk about scale a little bit? Since you’re in software, can you help us understand how we as an industry and the world figured out how to make better use of servers, allowing multiple people or multiple organizations to exist on a single server and kind of scale up, scale down, you mentioned rather than like this is my PC, nobody else gets to touch it. If I’m only using 1% of it, or if I’m not using it all night long it’s just sitting idle, right? Whereas, with a server, clouds, and server farms, it’s not operating like that. Can you explain how those resources are optimized and shared?
[00:08:53] Monica Ene-Pietrosanu: Absolutely. I wanted to say that in addition to the large cloud service providers, we have others that are, even if they are not called hyperscalers, are still very relevant. We are using cloud services from a multitude of providers and for them multi-tenancy–being able to efficiently run the infrastructure–is an important factor.
Today in the cloud, everything runs virtualized–whether it’s in a virtual machine that co-locates with other virtual machines from other tenants on the same host or whether it’s a container or a micro service. There are some new concepts that are changing the deployment model today that are actually driving efficiency. And maybe you’ve heard about a function-as-a-service where I don’t rent a full machine in the cloud, I only need a specific type of function to be executed. And I’m paying as much as I need for that function to be up for me and when I don’t need it, I don’t pay any more. It’s very cost efficient to use function-as-a-service.
So back to the cloud service providers, their main job is to extract efficiency from the infrastructure–whether it is to run with sustainable energy, because it’s an important aspect or to ensure security and security in the cloud is paramount. We can talk a bit more in depth about that, but right now the responsibilities that cloud service providers have and the challenges they are facing are huge. Let me give you an example, I mentioned 5,000 servers for hyperscalers, so that actually brings increasingly complex problems that these hyperscalers need to solve. Even a statistically small incidence rate can manifest very meaningfully at hyper-scale. As the core count, memory capacity, number of servers scale, so does the impact of problems that we may consider negligible when we talk about our laptop. Every failure is going to be augmented at scale.
Then the other aspect is that we cannot have downtime. The cloud service providers need to provide updates without the downtime; rebooting the system to fix issues and enable post-deployment features is no longer an option. And ensuring reliable platforms update is a big deal for cloud service providers and also effectively root causing issues. The goal of the cloud service provider is to bring to their users the benefits of the latest hardware and software while minimizing disruptions and downtime. There is a lot of responsibility. We know cloud is always on and an hour of downtime from Amazon or Google not only becomes worldwide news, but also has a huge impact on businesses because this pervasive adoption of the cloud architecture has transformed the business and how our society functions today. To the cloud applications enrich lives, power companies, keep our world running. And that’s why people or organizations count on cloud to deliver the services and experiences that they trust and that they need.
[00:12:18] Camille Morhardt: Let’s talk about security, I’m also quite interested in the privacy aspect. I’m interested in how cloud service providers and clouds are protected and how they detect potential attacks. On the privacy front, I’m very interested in sending some personal information or some important IP from a company to a cloud. Who could potentially see that information? And at what point could they see it? Is it when you’re sending the data there? when you’re storing the data? when the data is being processed?
[00:13:00] Monica Ene-Pietrosanu: This is very important because security is something that is in the top three CIO challenges when moving to cloud. Chief Information Officers have a lot of things to worry about. More than this, 60% of the developers today deem security to be extremely important for their applications that target cloud environments. As a result, there are many new developments that have advanced security in cloud, but there are also a growing number of increasingly sophisticated threats being faced by the cloud service providers.
Here are three examples. Privacy is definitely part of security; it’s an important aspect. Security budgets have constantly been increased by IT execs worldwide. Even though that happens, software-only based security measures or isolated solutions can still fall short. For example, 75% of the companies attacked by ransomware run up-to-date end point protection software. And then there are high profile breaches that we keep hearing about that highlight the risk even more. Last year in March, suspected Russian hackers stole thousands of emails after breaching the email server of your State Department. And then in August last year, a hacker attacked an unprotected router in the T-Mobile network. I think they got access to over 50 million personal details. So the costs are massive. Overall an amazing figure of $10.5 trillion is what’s the projected annual cybercrime costs worldwide by 2025, that’s huge.
At the same time, back to your privacy question, cloud companies have to navigate a growing set of data protection and cybersecurity regulations from the Global Data Protection Regulation, GDPR in Europe, to the Executive Order on Cybersecurity in the US; and if a cloud company doesn’t meet the security requirements they can face legal risks.
So it’s a huge amount of responsibility. And as you said, data needs to be protected everywhere–when it is in use, when it is in flight, and when it is at rest. Over the past decade there has been significant progress safeguarding data that is in flight–when it’s traveling over the network–or at rest being stored. But that means that the data is often most vulnerable when it’s actually in use. And this risk has emerged as one of the most pressing security challenges we face. The threats have increased and are many times internal. So even if you are inside of your company’s firewall, the attack can come from internal actors that are not trusted. That’s why all this discussion about protecting the data in use as well as a zero-trust approach are super important.
[00:16:19] Camille Morhardt: So the public cloud companies are often operating systems, as well as applications on top of the operating systems–like an email application let’s say, or photo editing application. They’re also owning and running the actual servers, the hardware that the virtual machine monitors, and the operating system and the applications are on. And they’re storing all of the data–your data or your IP–because they have the hardware and the operating system in the application. Can they access the data itself?
[00:16:56] Monica Ene-Pietrosanu: They can access several layers. And as I mentioned, there is a lot of controls that they have, but also a lot of responsibility. And that’s what’s generating legislation that comes to clarify that as well as technologies like Intel SGX, who is encrypting data in action as well as other technologists who encrypt the data stored on various servers. So obviously if the data is encrypted on a storage server, the public cloud provider will not be able to access it. And also there is a lot of encryption that happens when the data is traveling through the network in between the servers.
So today the data is being secured at every point and at every moment. So that gives, let’s say, limited ability that provider is able to access. However, we also need to understand that they assume a huge responsibility in delivering the services. They need to be able to ensure a monitoring of various events if something goes wrong so that they are able to root cause as well as the ability to stand up new services without downtime. So there is access for auditing as well as setting up new services.
[00:18:18] Camille Morhardt: Is the access for auditing access to private data or is it access to some kind of event history of like what’s being done or run?
[00:18:29] Monica Ene-Pietrosanu: It’s access to event history so that they see what’s happening. That history is definitely including information that helps them troubleshoot the situations.
[00:18:39] Camille Morhardt: You mentioned how the cloud’s going to look really different because we’re adding a bunch of micro clouds closer to the edge or closer to where people are requesting information on their devices, or cars, or homes. How is that relationship going to exist with giant centralized server farms? How is data going to move differently than it does today? And how will protection of that data look different?
[00:19:05] Monica Ene-Pietrosanu: All the technologies that have emerged in the public cloud, the large data centers is being transferred to the edge and that’s benefiting the edge in a huge way. Now they will continue to coexist. There are performance implications, right? That’s why we want to have mini-data centers closer to the users. There are also operations that will happen in the large data center, in the public cloud because of security, because of performance aspects and so on. It’s a diversification and they will continue to coexist. And I’m seeing developers actually taking advantage of both models.
[00:19:50] Camille Morhardt: Thank you very much Monica Ene-Pietrosanu, you are a fascinating person to discuss the cloud with.
[00:19:58] Monica Ene-Pietrosanu: Thank you, Camille. I really enjoyed the discussion.