Contino’s Fregosi: No “winning solution” for cloud migration

By Rebekah Tunstead | 7 December 2018

Without a unique solution, migrating legacy code workflows to the cloud remains a challenge, according to Frederico Fregosi, principal technical consultant for Contino and former lead site reliability engineer for development operations at Curve.

“Most of the code is legacy code. Most of the code has already been written, this means that most of the applications have existed for a long time, even before the cloud was here. I don’t think that at this point in time, we have really come up with a winning solution on migrating workloads to the cloud. We have a lot of ways to do this, but we don’t really have a unique solution,” said Fregosi on the sidelines of FinTech Connect.

“Security is definitely a component of this, because how can I secure my workloads on the cloud, if my authentication exists only on my premises. I need to start connecting them, but how do I connect them?

“The gap between the workload that has been on the premises, and was coded in the 90s, and what the function as a service can do, is so vast now. We don’t have a way of bridging this gap.

“There are limits in the way function as a service works.

“You can leverage the cloud by shifting your workloads, but to leverage the forefront after - there is still a long way to go.”

According to a report by Oracle and KPMG published this year, 82% of cyber leaders are concerned that employees do not follow cloud security policies.

There is often ambiguity about the shared responsibility security model. Customers don’t always understand their cloud security obligations. This poses a risk to securing cloud infrastructure and applications because customers are often unclear where their provider’s role ends and theirs starts, creating gaps, according to the report.

Fregosi agrees that ambiguity about where the responsibility for cloud security lies remains a current problem.

“Security in the cloud is a very broad problem. It can be security implication, security cloud providers, the traditional problem is the shared responsibility model in which you have your cloud provider that is, instead of you being in charge of your security of your overall stack, you have your cloud provider which is in charge of an increasingly larger percentage of your security.

“Maybe he is in charge of security of the hardware, maybe he is in charge of the operating system, maybe he is in charge of the security of the platform. This is the standard problem.”

According to Fregosi, traditional security problems, such as accidental misuse of cloud services, remain a concern.

“The workload you deploy on the cloud does authentication and authorisation. More often than not, instead of deploying something on the cloud that is connected to the company directory, you deploy something on the cloud that is by itself, because you cannot connect it to the company directory, because it is hard to connect it to the company directory.”

How to verify the level of security provided by the cloud in comparison to conventional methods remains unclear, says Fregosi.

“There are technological challenges for the cloud in terms of how do you ensure that the workloads on the cloud are as secure as the ones you have on your premises. My workload premise is my data centre, and I know it because I can go there and touch it. With the cloud I cannot go there and touch my workload,” he says.

“In the last two years, it’s surprising to see how a lot of the features that are coming from the cloud providers are not targeted at pure innovation, but are targeted at incremental changes to their authentication and authorisation model, so that now cloud providers are far more mature in offering resources to organisations.”
