At VoxSmart, we often find ourselves debating the issue of cloud storage vs on-prem. Since we launched our fourth-generation mobile recording solution, VSmart, we’ve pioneered cloud storage for all data recording. Security, reliability and cost are obvious concerns for anyone investing in storage but that’s where we feel the cloud offers unprecedented advantages. Our CTO Dr Richard Wheeldon explains why.
We’re just a few short weeks away from the 2016 AWS re:Invent Summit. Over twenty thousand people will descend on Las Vegas to hear Amazon deliver the latest news on their market leading cloud platform. Last year’s AWS product launches included a new piece of hardware called Snowball for dealing with petabyte scale transfers to the cloud, a cloud-centric BI tool called QuickSight, a platform for testing and running mobile apps in the cloud and a streaming data ingest system called Kinesis Firehose. We’re looking forward to some similar innovative announcements this year.
That’s what we expect from cloud – innovation and scale. But it’s not really suitable for financial applications. It’s not secure. You wouldn’t see a bank running its operations in the cloud. That’s the myth but the reality is very different. The picture above was taken recently at the inaugural FinTech Festival organised by the Monetary Authority of Singapore. The message from the Singaporean regulator couldn’t be clearer – cloud really isn’t a no-go area for financial institutions. It’s fine and other regulators like the FCA in the UK and the DNB in the Netherlands agree.
If this is the case, then why don’t banks run their applications in the cloud? The truth is that they do. Not all banks, obviously, but most of the younger generation of banks like Metro Bank are skipping the traditional data center route entirely and going straight to the cloud. They’re not alone. During my time at Cisco, we had a number of financial institutions including well-known high street banks putting traffic through our cloud-based security engines because it made their networks safer. Even large, established financial institutions are moving huge workloads to the cloud. Last year’s re:Invent also featured a keynote speech by Rob Alexander, CIO of Capital One, in which he said that deploying into AWS enabled them to operate “more securely in the public cloud that we can even in our own data centers”.
We agree and are excited to be expanding VoxSmart’s VSmart cloud around the globe using AWS. Folks like Dave Walker and Werner Vogels are amongst the smartest in the business and they’ve helped Amazon build a set of practices and tools that make it easier and simpler to maintain a super-high level of security in a distributed, global network.
To achieve this, AWS use a “shared responsibility model” in which some of the responsibility for security is handled by AWS and some by the AWS tenant. It might be a bit of a mind-twister for those used to a traditional data center model but it works. Amazon provides a set of physically secure data centers, a network secured with firewalls and intrusion detection systems and encrypted storage. This gives a secure platform from which to operate and makes adhering to the major compliance standards like PCI DSS, SOC and ISO 27001 simpler.
VoxSmart’s responsibility is to ensure the security of our data and applications. As the Stuxnet cyber attack on Iran’s air-gapped nuclear facilities showed, if a software application is vulnerable and important enough, people can find a way to get in regardless of where the code is running. If an application is riddled with XSS, XCS, CSRF and Injection vulnerabilities the best platform in the world won’t protect it. That’s why we hire top-class UK-based developers, have experienced PCI DSS and ISO 27001 auditors on our DevOps team, subject all our code to a review process and run multiple SAST and DAST tests on every build cycle.
But the most effective preventative measures are meaningless without observing when, where and how they break down. To do that takes good surveillance data and a robust way to transfer that into actionable intelligence. To help us achieve that, AWS provides us not just a secure platform but also tools like Inspector, Cloud Trail and Trusted Advisor which provide valuable, real-time insights into the activity of our systems.
We’ve applied the same principles at VoxSmart by improving our data collection and presentation capabilities, with the introduction and ongoing development of IM capture and the recently revamped VSmart Control Center UI. That’s because the same rule applies to user activity on mobile phones as to infrastructure and applications – if you don’t know what’s happening you can never be secure.