aws

Are You Turning Into a Feature Creep?

As tax season approaches, a lot of people wish they had a system that could do literally everything for them. Of course that option exists, but you’d have to hire an accountant. Professionals can tailor a system precisely to your exact needs, but they set their prices accordingly.

The fault is in thinking that your business will always need that level of customization when it usually doesn’t, and you weren’t willing to pay for it anyway. The point of an agile system is that it can solve most needs while offering the kind of adaptability that allows people to grow. It’s not an answer for a lousy workflow.

Most people understand the true nightmare of feature creep. Someone in a focus group mentioned that their business needs this function, so it gets added. Multiply that by a million focus groups over several years, and you could have a real problem. It creates a system on which millions of people are truly dependent but which has become so outsized and clunky that it is genuinely difficult to use. Case in point: When was the last time you enjoyed using iTunes?

So, when you’re considering options like AWS CloudWatch or GCP Stackdriver for your monitoring services, it’s tempting to select the one that checks the most feature boxes. But why? No feature list will ever include “Will overcome bad company processes,” so waiting for the day you read that line isn’t the answer. Stacking features one after the other often results in software that slows your workflow as you attempt to configure it, which is the exact opposite of the reason you bought it in the first place.

When Cloud Providers Use Open Source, Who Benefits?

The open source community began with a premise that working together makes software better for everyone. When big businesses with huge teams and tons of resources join in, it isn’t that simple. There’s a lot of money to be made in refining a free product to beat your competition, but is it the ethical choice? Should major Cloud providers like Amazon or Google be able to repackage and sell open source software without compensation? And, how does this practice affect the open source ecosystem?

The whole point of open source is collaboration, and this is still generally true regardless of who’s using it. Although Amazon might use MySQL for AWS RDS, or Google for its GCP CloudSQL, it usually isn’t a one-way street. The people using open source software to develop native offerings for these large organizations may also contribute patches, security fixes or new features back to the core of the applications.

Conversely, taking advantage of open source tools to bring services in-house can have an opportunity cost in development and competition. If AWS continues to expand its native options, it might render some third-party competitors obsolete. When you consider how a wide selection of potential add-ons affects a customer’s decision-making process (i.e. lots of options vs. choice paralysis), lack of competition might be a bug or a feature.

Allowing big companies to adapt open source software for private services could narrow the competitive field. But if it translates into better software, that might not be as bad as it sounds.

AWS Expands Hybrid Services, Aims to Meet All Hosting Environments

Until recently, organizations that wanted to host some data on-premises and the rest in the Cloud had few options that were truly seamless. Microsoft’s Azure has dominated the market for hybrid data management, but that’s changing. AWS now offers choices such as Outposts to make migrating to an AWS environment faster and smoother.

Although many businesses are looking to move all their data to the Cloud, there are reasons this isn’t always possible. Latency, security and regional data storage standards sometimes demand local hosting. To try to route around this, some companies have used Amazon’s Snowball Edge data migration hardware as a semi-permanent storage device.

Outposts, set to be available later this year, aims to provide a permanent environment to address these needs. Customers can choose to use their familiar VMware environment, or use a native variant that offers the same operation as AWS Cloud services.

The trend toward seamless data migration and management moves forward, and the extra competition may yield even more options to come.

Secure Your AWS Account with CIS Benchmark

In the Cloud, security should be your top concern. If your company is using AWS, you’re probably aware of the endless possibilities for implementing security controls. With these possibilities, there is a lot of room for gaps and mistakes.

One of the most important areas to secure is the AWS account itself. It is also important to ensure, with a compliance dashboard, that changes made in the account meet security controls. Many customers choose to implement security monitoring and mitigation manually, which is time-consuming and error-prone.

There is a better way. AWS provides an automated implementation of the CIS Benchmark (https://www.cisecurity.org/cis-benchmarks/). This combination of monitoring and dashboards can be deployed using a CloudFormation template, and can be launched directly from the AWS documentation found here: https://aws.amazon.com/quickstart/architecture/compliance-cis-benchmark/. Click on “How to Deploy” and select your region (either GovCloud or other regions), and follow the directions.

What resources are created by deploying this template?

  • AWS Config Rules

  • CloudWatch Alarms

  • CloudWatch Events

  • Customizable Lambda functions

In addition, AWS provides a security controls matrix (as a Microsoft Excel spreadsheet) that maps the deployed resources to specific CIS controls.

By deploying this benchmark using automated methods, you can test it in your own account and remove all of the above resources with a few mouse clicks if required. We recommend that every AWS account have security controls implemented and monitored; enabling termination protection on the CloudFormation stack deployed from the template will help protect these resources.
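To confirm after deployment that the four resource kinds listed above are present and that termination protection is actually on, the check below audits the JSON printed by the AWS CLI. It is an added example, not code from AWS or the Quick Start; the stack name, logical IDs and sample output are constructed, and it assumes all resources appear in the one stack being audited (run it per child stack if the template nests stacks).

```python
import json
from collections import Counter

# Resource kinds the post lists, written as CloudFormation resource type names.
EXPECTED_TYPES = {
    "AWS::Config::ConfigRule": "AWS Config Rules",
    "AWS::CloudWatch::Alarm": "CloudWatch Alarms",
    "AWS::Events::Rule": "CloudWatch Events",
    "AWS::Lambda::Function": "Lambda functions",
}
HEALTHY = {"CREATE_COMPLETE", "UPDATE_COMPLETE"}

def audit_stack(describe_stacks_json, list_resources_json):
    """Return findings for one stack; an empty list means nothing is missing.

    Inputs are the JSON printed by:
      aws cloudformation describe-stacks --stack-name <name>
      aws cloudformation list-stack-resources --stack-name <name>
    """
    stack = json.loads(describe_stacks_json)["Stacks"][0]
    resources = json.loads(list_resources_json)["StackResourceSummaries"]
    findings = []
    if not stack.get("EnableTerminationProtection", False):
        findings.append("termination protection is disabled")
    if stack["StackStatus"] not in HEALTHY:
        findings.append(f"stack status is {stack['StackStatus']}")
    # Count only resources that finished creating or updating successfully.
    healthy = Counter(r["ResourceType"] for r in resources
                      if r["ResourceStatus"] in HEALTHY)
    for cfn_type, label in EXPECTED_TYPES.items():
        if healthy[cfn_type] == 0:
            findings.append(f"no healthy {label} ({cfn_type})")
    return findings

# Constructed sample output (hypothetical stack name and logical IDs).
SAMPLE_STACK = json.dumps({"Stacks": [{
    "StackName": "cis-benchmark-example",
    "StackStatus": "CREATE_COMPLETE",
    "EnableTerminationProtection": False}]})
SAMPLE_RESOURCES = json.dumps({"StackResourceSummaries": [
    {"LogicalResourceId": "ExampleConfigRule", "ResourceType": "AWS::Config::ConfigRule", "ResourceStatus": "CREATE_COMPLETE"},
    {"LogicalResourceId": "ExampleAlarm", "ResourceType": "AWS::CloudWatch::Alarm", "ResourceStatus": "CREATE_COMPLETE"},
    {"LogicalResourceId": "ExampleEventRule", "ResourceType": "AWS::Events::Rule", "ResourceStatus": "CREATE_COMPLETE"},
    {"LogicalResourceId": "ExampleFunction", "ResourceType": "AWS::Lambda::Function", "ResourceStatus": "CREATE_FAILED"},
]})

if __name__ == "__main__":
    for finding in audit_stack(SAMPLE_STACK, SAMPLE_RESOURCES):
        print("FINDING:", finding)
```

Termination protection can be switched on from the CLI with `aws cloudformation update-termination-protection --enable-termination-protection --stack-name <name>`.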

Happy deploying!