CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects
This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Tay Keng, Solution Architect at PTC System Pte Ltd.
(1) You currently work at PTC System Pte Ltd as a solution architect. Can you tell us a little bit about what your job involves?
My main job is to develop proposals for multi-vendor solutions in response to tender requirements. I am also responsible for presales activities concerning security products and do presentations for clients one-on-one at security conferences and security themed exhibitions.
(2) Can you share with us some complexities in managing cloud computing projects?
So far, I have been involved in cloud computing projects involving private on-premise cloud deployments using hyper-converged infrastructure from Cisco, Dell and VMware. The most complex portion of such projects is defining what goes into the self-service portal and implementing it into a dummy-proof user interface to provision their workloads.
(3) In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
My recommendations are:
- Be absolutely clear about the Shared Responsibility of security when moving workloads to the cloud. The customer is still ultimately responsible for the security of their workloads – but it is different than when they were on-prem.
- Pay-as-you-go (PAYG) sounds great at its face value, but it can come back and bite you in the form of “bill shock” at the end of the month because of:
  - Forgetting to shut down idle VMs when not in use
  - Oversizing VMs instead of right-sizing them using the right tools (like Turbonomic)
  - Forgetting to count the costs of egress traffic volume in estimating cloud costs
  - Not realizing that when you have a lot of workloads that do not change very much, you can save a lot more by using Reserved Instances instead of PAYG.
- Configure cloud resources, such as storage buckets like S3, using the least privilege principle.
- You must deploy MFA for cloud management console access, since it is the key to the “crown jewels” of your cloud resources.
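Two of the recommendations above (least privilege on S3 buckets, MFA on console access) can be checked mechanically against policy documents. The script below is an added example, not code from the interviewee or from PTC System; the policies it inspects are constructed samples with placeholder ARNs and account ids, and it uses the standard AWS condition key `aws:MultiFactorAuthPresent` to recognise a "deny unless MFA" statement.

```python
import json

# Constructed sample policies for illustration; the ARNs and account id are placeholders.
OPEN_BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}""")

LEAST_PRIVILEGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/report-reader"},
   "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/reports/*"}]}""")

# Typical "deny everything unless MFA was used" statement attached to console users.
MFA_REQUIRED_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Deny", "Action": "*", "Resource": "*",
   "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}]}""")


def _as_list(value):
    # Policy fields may be a single string or a list; normalise to a list.
    return value if isinstance(value, list) else [value]


def find_policy_issues(policy):
    """Return findings for Allow statements that are broader than least privilege."""
    issues = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws_principals = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws_principals:
            issues.append(f"statement {i}: anonymous principal '*'")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                issues.append(f"statement {i}: wildcard action {action}")
        if "*" in _as_list(stmt.get("Resource", [])):
            issues.append(f"statement {i}: wildcard resource '*'")
    return issues


def enforces_mfa(policy):
    """True if a Deny statement applies whenever the caller did not authenticate with MFA."""
    for stmt in policy.get("Statement", []):
        cond = stmt.get("Condition", {})
        for op in ("Bool", "BoolIfExists"):
            flag = cond.get(op, {}).get("aws:MultiFactorAuthPresent")
            if stmt.get("Effect") == "Deny" and str(flag).lower() == "false":
                return True
    return False
```

Running `find_policy_issues` over bucket policies exported from an account flags the public, wildcard grants that bill shock's cousin, data exposure, usually starts from; `enforces_mfa` confirms the console users' policy actually carries the MFA gate rather than relying on convention.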
(4) What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
I was already studying for CISSP when I was offered CCSK training. So I jumped at the opportunity. Moreover, my company was supportive and offered to pay for the exam fee. The Data Security & Encryption module was the most relevant in my work because just at that same time, I was working on a tender that had extensive requirements for data security.
(5) What is the best advice you would give to IT professionals in order for them to scale new heights in their careers?
We must all realize that whatever certificate one obtains is just relevant for a fixed period of time since you know the technology is always evolving and changing. We should never stop learning, or we will become obsolete very fast.