
predominantly Microsoft workloads, but then seven years ago, when I got into cloud, I really started to get into the whole Linux open-source world. Obviously Amazon, back then being around ten years, was where I started, and then Microsoft Azure matured and I jumped into that as well. So I am very cloud biased; a lot of what you'll hear up here will be talking about the cloud. There may be some of you in the audience, probably a lot of you, that might be calling BS on what I talk about. Happy to have a heated discussion about that afterwards. There's a lot of opinions out there, and I'm Australian and St. Patty's Day is coming up on Friday,
happy for you to buy me a beer if you want to discuss later as well. So I'm not going to sell you on any of the solutions. Obviously I'm cloud biased, but I'm not going to sell you either way. I'm going to try to give an even point of view about things, but more of a Mike Moore documentary style, where you can tell I'm biased towards something but I'm trying to be balanced at the same time. Try to debunk any of the myths that I hear a lot of the time when people just... I mean, it's sort of a balance. There's probably a lot of you that have had your CIO or managers say "we're going cloud" and
there's no logic or reason behind it. They were just in a conference and they just got told cloud is where everybody's going, you should jump onto that. And so there's a backlash: there's people saying all these things, the cloud is Hotel California, you can't get out. All these are like negative reactions because you're getting forced into it without any logic behind it, so I'll be mister file out of that. It is interesting, though: in the last two years a lot of that has disappeared a lot. We've got major hardware vendors now flying into the cloud, which I think also means that... I mean, startups have been in the cloud space looking after those gaps and areas
in security that the big vendors were ignoring for a long time, but now we've got the big security vendors and others jumping in there and taking it seriously. So I think more so in security, because security is something that works the same; they probably make the same profit margins for traditional and cloud. Hardware vendors, on the other hand, they're obviously seeing a lot less in revenue coming in so quickly, so they've been more of the holdup. And I might give a plug just to Sophos, since they are a sponsor here, that could be a little like I could give around the topics that we talk about today: they do actually have edge security on the cloud,
they are one of the most popular in the marketplace, at least for Amazon. So let's look at the focus, what we're going to talk about. So this is, if we look at NIST, which is the standards for... I think that's part of the name in NIST, is what we used about standards, but this is their standard for cloud, so what they define as cloud. You can see these essential services here, meaning on-demand self-service, meaning people can start spinning stuff up without actually applying security best practices at that; resource pooling; things can rapidly start standing up. And what that means for security is you've got to do your homework from day one. You've got to set
in rules and regulations from day one to make sure that, yeah, if we're going to give on-demand access to other departments, other people, we've got to lock that down, but still in a nimble way that they can still perform and they're not doing shadow IT and going out and circumventing the rules that you've put in place. So we'll be concentrating on public cloud and infrastructure as a service. The reason I focus on those two is because public cloud's probably the newest out there, and infrastructure as a service, out of the three types of services that you get on public cloud, from SaaS, PaaS and IaaS, it's probably the most prone to problems. If you look at
the other side, SaaS, a lot of it's looked after for you. Still some gotchas, but it's more at the end-user point where the problems would occur, whereas on IaaS there is a lot of misconceptions out there that they're going to look after it all for you just like that. So we'll go through those misconceptions, myths, and things that you can do to be aware of. So if anybody's... you may have seen this diagram before, to explain what the differences are between the different cloud models. What we're going to concentrate on is the second one from the left, infrastructure as a service. You can see there, we just changed that to technical terms, you can see what I was talking about before:
what's in orange there is actually all the cloud provider looks after, so everything above, from the OS level up, that's what your responsibility is. So this is what they call shared infrastructure, shared responsibility. So a lot of people go into this thing and for some reason they think "I don't need antivirus, I don't need edge perimeter security", and yeah, sure, on the SaaS side, where they're looking after everything except the end-user's laptop or device, that's the case. But here, with infrastructure as a service, you still have to look after your operating system patches, you still have to look after the security there, whether it be various different pieces. So we're going to concentrate on that, and we're
going to concentrate on Amazon and Azure, because if we have a look here, this is just two Gartner Magic Quadrants from last year. Hasn't really changed in the last five years much, but you can see here, it's a bit blurry on the screen, but that's Amazon and Microsoft in those two leaders. It's for infrastructure as a service and for cloud storage. Down the bottom here in the niche players and visionaries, that keeps changing all the time; we keep seeing different providers drop out, new ones be added. For instance, Rackspace has given up and started to become a managed service provider instead of doing cloud. About the only one that's remained consistent, that hasn't dropped off the
chart, is Google. It's been hovering around that same spot the last five years, and they seem to be taking business concerns serious in the last five months, so that's good to see, because obviously when you've only got two key players in the market you're worried about one getting complacent. So it would be good to see at least three players in that leader area. Would make my life a lot harder, though: being agnostic of the three, I'd have to know across in depth. At the moment, Azure and AWS really in depth, but the other ones just enough to get me in trouble.

So let's look at Azure. So what I'm going to do here is a zoom
in perspective around security for Azure. So they have a lot of data centers; I think at last count it's somewhere in the 30s, thirty data centers across the globe. I think it's going to be 36, 38 by the end of this year. And the good thing about cloud is it's getting cookie-cut. So traditionally, when we had to have data centers that we used around the globe, whether it be for your website, for getting latency to end-users quicker, a lot of the time we were dealing with different networks, different architecture. The great thing here is they all work pretty much exactly identical, and this case applies to Amazon as well. They have all these data
centers pretty much cookie-cut, and you can template things. You can deploy something in India and use that same template, just change a few little bits in your code, and deploy it with the same security parameters and firewalls and settings as you would in Australia or Canada. Now what that means is that you're making sure that things are standardized, you're making sure that you set it up correctly once, and we do all this by code. There are GUI interfaces where you could jump in and click around, but the best way to manage in the cloud is by code, and you can get these big JSON scripts with every piece in there, whether that's the network, what
network ranges you've got there, ACL lines and things, and you can actually change just those pieces in the code. So it's a lot harder to mess up: you're not having somebody click on the wrong thing, or the page didn't load fast enough and they clicked and the button moved and they clicked on something else. So it's a lot more static and also a lot easier to audit. If somebody executes the script and suddenly you have an audit and you say "hey, we've got this firewall port open but it shouldn't be open", you can go back, have a look at the script and see where you made a mistake, edit that script and reapply it to all
your environment. So therefore, like, yes, we are having a lot more problems across look for environment open, but you're also able to fix it a lot quicker. So if we look at a region, and what a region is, we're looking at maybe a cluster of data centers around a city, and you can see from the point where it enters the region it really starts to become virtualized. So we've got software-defined networking at the LAN level, and then we start having a lot of options around security, software-defined security, the performance, load balancers. And also the other thing is Microsoft and Amazon are protecting things as well, monitoring all these areas, monitoring
your VMs. Now I must say they are monitoring it more to protect themselves than they are to protect you. If you think about it, if you have a server running up there, you've got all ports open and you're getting a denial of service attack, and you're not really looking after it, you're not trying to stop it or mitigate it, the other people that are using that same hardware are going to get affected; the network traffic is going to get laggy. So what they're going to do is they're going to suddenly cut off your access, send you an email saying: hey, we saw a crazy amount of traffic going on, it didn't look solicited, we need you to
fix this. And now, actually, though, they've got these monitors, they'll lock it down, but that's not good for you; that's taking the reins out of your hands and then lock it down, so you don't really want to get to that situation. And the other thing is, if there's a virus, an injection code, your passwords are compromised, Amazon and Microsoft aren't aware of that. So if there's no anomalies happening in your traffic and things that they're watching for, they're not going to know that somebody's just backdoored your environment. So just to give you an idea what a physical data center looks like for Microsoft Azure. I don't have any pictures of Amazon; I don't think there are any pictures out there.
I've been told many times in the past, many years ago, it may have changed in the last five years, but they don't let people go through Amazon data centers, which actually I like, the fact that people aren't just wandering around. I mean, a photo could probably tell me anyway. But Microsoft do do tours; you can go through their data centers, and they're pretty boring, like this. They order in and replace their servers by the shipping container. They don't take them out of the shipping container, they keep them in there. And I remember a few years ago actually talking to somebody from Amazon, and they were talking about the fact that they're not even gonna, in the future, have walls and
doors. If you think about it, where's the best place to hide if you're some super spy or something and trying to hack into their data center physically? You're going to hide in the bathrooms or around corners, behind doors, access keys. But what if these shipping containers were out in the open? What if you had only four cameras having to monitor it all, because that's the only space that somebody could hide in? So that's actually what they're looking at. And also Microsoft are actually experimenting with putting their data centers underwater as well, so meaning quite hard to physically get in touch with it. So these sort of new ways of thinking... I believe, like, when other competitors to
them are ordering in their data centers and working out, making sure that they have enough for expanded growth, they're ordering by the racks; they're not talking about shipping containers. So it just shows you the growth and size, but also, yeah, security-wise you've got dedicated teams monitoring not only on the virtual level but on the physical level as well. So I just wanted to point this out as well: data sovereignty is something that I've talked about a lot in the past. Over the last few years I was always getting creative about security and compliance around keeping data within Canada, and making sure that the data that could go anywhere would go anywhere, and we were doing data auditing
and tagging data to make sure that it goes to the right places, the right encryption and security is applied. We don't have to worry about that so much anymore. So Microsoft and Amazon now have data centers in Quebec, and Microsoft have them in Toronto; Amazon's coming soon. But what that means is, on both sides of the table, you've got at least two data centers in Canada. You can set things up so that data doesn't even leave. So when you're talking about data security and sovereignty, you can actually make sure of where it goes, and a lot of the tools that you'd want to track this stuff is all free and built in with both
providers, so you can see who's accessing your data, you can see the paths where it's stored, and making sure that those things like encryption in transit and at rest are there by default and nobody has turned them off. Let's get into a bit of detail, to make sure we go all the time. Okay, so security around Azure. So Azure, Microsoft is known for Active Directory, so a lot of their pieces are around Active Directory, but one thing I've noticed in the last few years is they've really opened up to supporting a lot of different standards. I think the open source Linux world took them by surprise and they've been playing a bit of catch-up in recent years. One of the
things you may have noticed, if you've been watching the title of Microsoft Azure, is it's called Microsoft Azure now, not Windows Azure as it was a few years ago, and that's because they're actually running more open source and Linux on Azure than they do actually Windows, and there's more Windows actually running on Amazon, funny enough. So a lot of different standards there, a lot of better pricing around security as well; they're trying to price things so that it's not so expensive anymore to have unlimited users accessing their Active Directory. And multi-factor authentication on both Azure and AWS is very simple to set up: you could set up access to your environment within probably five minutes to both, using apps
on your phone to set up multi-factor authentication in conjunction with your password login. Securing your apps: lots of choices there using industry standards. You can put encryption at the data, for the applications or services, what's communicating there. The drives themselves: you can encrypt the VHD file, the file of the actual server, when you upload it up there to the cloud. There's lots of different standards; you can even do encryption with BitLocker inside the OS itself. And access: so Microsoft, and this is the same as Amazon, they don't have access to your data. I think with Amazon they can't ever get access, I would have to check that, but at least with Microsoft they can for support
cases, but it's only on demand, and as soon as they don't need access anymore it's revoked. So just around the security features again, a lot of options here. You can actually store your encryption keys in your own data center off Azure; same with Amazon, you can store your encryption keys off-site, or you can use their service that looks after your encryption keys themselves. They have key managers up there, but even then they don't have access; they can't decrypt those keys that are stored in there. So with the server infrastructure you've got, with the network infrastructure, really we're looking at a lot of options here, and this is all stuff that's there; you don't
have to actually specially request. You can jump on there right now; once you've got an account set up, in 15 minutes you can start setting up these sort of things, except for ExpressRoute, obviously; that's a dedicated internet line that you have from wherever your origin is, maybe it's your data center, maybe it's your office, straight into their data center. So we have that option, or you can have a VPN; you can have multiple VPNs coming from multiple destinations into Azure, or many different Azure instances that you have. Lots of security and control lists, IP filtering; you can control the traffic, you can control the users, you can lock down things, read-only access. You can get
quite granular about even the services that they want to use, and that's one thing that I talk to a lot of clients about, putting governance in place: setting who can access what, why would they want to, setting what size of servers, but they don't spend a lot of money on your consumption-based billing, so security around spending is also a big issue as well. So there's a lot of different layers here: there's a hypervisor level, the security there, separation. One of the things we hear a lot about with the cloud is "oh, somebody else has got their data sitting on the same hard drive as mine, so they can obviously hack into my data", but what they're doing is
virtual separation. There's a lot of security around that, making sure tenants are isolated, making sure that people can't... And a lesser-known fact is, with the cloud now you can actually get dedicated hardware, so if that is a concern to you, of having people running on the same hardware as you've got your data, you can pay a bit more, I think it's about 20% extra, and you can get your own hardware to run on. So if that is a concern, that's there as well. So we've got security groups, we've got monitoring that's there, just happening in the background, by Microsoft. I actually had some of my guys down in Redmond just yesterday; they were
doing a tour of one of the security operations centers that Microsoft has down there. And then physical security: it's all the stuff that you'd expect from a traditional data center, big perimeter fences, video cameras, but this is at an enterprise level. So if you're a small business, this is something that you would probably have paid a premium for; it would have been cost prohibitive. You probably were just happy that they had some sort of access card swipe, a sticky mat as you walk through the data center, and they had a generator that they tested once every six months. That was probably the highest of your expectations. But what Microsoft and Amazon have got is, like, they're going
straight to the enterprise level and they're giving that to you at a granular cost that you can afford. But this is all by default; this is without you even having to specially request any of this. That's where we get into shared responsibility, as I was talking about earlier. This is Microsoft's explanation of it, but basically it is saying from the operating system level up you are responsible; you're responsible for the traffic that comes in, the traffic you invite. They do have soft rules in place a lot of the time, such as how much email traffic can come in and come out. They obviously don't want to have their DNS addresses and IP addresses blacklisted, so they're trying to prevent that from
even happening in the first place. I'm sure many of you have had to remove by paying DNS addresses in the past from blacklist; it's not an easy process. So they've got soft rules in place. Talking to a pen tester earlier about the fact that you can do denial of service attacks as a test, things like that, that you have to let them know; you have to say this is the time period that I'll be running this test between, just don't stop locking down my environment, don't freak out, it's all okay. So they do have their soft limits. They do also have hard limits; they have things that you can't do. Obviously they don't want to be exposing
their infrastructure and other layers.

Let's talk about Amazon. So here's just a quick idea of... so Amazon and Microsoft only just recently, last year, opened up their data centers in Canada. It's just a few names, probably see a lot of them: we've got Lululemon just down the road, sure, running on there, we've got BC Hydro, Adobe, BlackBerry, a lot of well-known Canadian companies. They're already using Amazon, and probably just as many using Microsoft, and I would probably argue there's probably a lot that, before we even had Canadian data centers, big names that were using Microsoft from the SaaS side of things, Office 365 and a lot of their other SaaS tools. Here's all the
compliances, frameworks and certifications that Amazon has by default. Now what this means is that traditionally you would have to request the data center to be compliant. They would probably have PCI and HIPAA, but nothing much more unless they were specialized in other sorts of industries, but this is all there by default. So the great thing about this is, even if you don't need HIPAA, PCI or any of the government standards, you know that they're getting independently audited all the time by these different frameworks and security compliances, law enforcement, and that makes sure that they're compliant at a very high level. And that's layered on top of each other, so it's not just: oh, if I have a security...
if I have a server running in this area, is it going to be HIPAA compliant? I have to put it into the right area. No, you can put your server anywhere in Amazon, anywhere in Microsoft Azure, and you don't meet those compliances, but we go back to shared responsibility: only the layers that they look after, that meet that compliance. So you still have to make sure that your compliance is being met from the operating system level up, and again that's something that people forget about as well. And also it's not as straightforward: most organizations I know, help them working with health, what they face their own compliance agreements on HIPAA, but they'll add a lot more to it, because
there's a lot of other organizations that are integrating with their information. So we're going to make sure, and I'm working with clients all the time to talk to Amazon and Microsoft, to make sure that we do custom agreements, make sure that we're meeting those things. So that's all possible as well. So it's not rigid; it's not "here is the compliance", they're not going to help you beyond those cookie-cut pieces. They will actually do custom agreements with you to whatever you need. I haven't seen one yet turned back, but obviously legal, they go red-lining each other's work all the time. Always a fun process to see. It's funny, we wanted to deploy something,
it'll take us an hour to deploy it, but it'll take about three months for legal to work out the compliance and regulations. So, maturity. Let's talk about Amazon maturity: ten years old. So that's pretty old in the IT world for something to be around. I mean, just look at, if you guys have been introduced to containers, Docker, only two years ago or something, new, and now it's tough, it's starting to become mainstream. So ten years is like a lifetime; I don't think we've had anything that old since Windows XP. So yeah, and Amazon were running data centers before; that's the whole reason they got into cloud, was because they said: look, we've got these worldwide data
centers that we're running, we've got a lot of free capacity, let's lease it out. So they were doing this a long time before that 10 years started, and it's actually looking like they're going to start making more money from their cloud business than they will their actual online retail. I know Google has projected that they're only making like 10% of what Amazon does per year in revenue at the moment, but they're projecting by 2020 they'll be making more than any other piece of Google just from their Google Cloud piece. So again, what does it... make sure I didn't forget that Amazon also has a presence in Canada now as well.

So the myths. So about the myths, I hear these
all the time. People can hack me because my drop, my physical drive: we talked about that just before, sort of debunked that already, and even if you are worried about people running on your physical drive, you can get your own. My cloud is open to the public: so I think the word public in public cloud kind of misleads people. It makes them think that this is wide open, it's only really for websites. You can actually lock down your environment so that it's not actually open to the Internet at all. You could, if you want, have a dedicated line straight into Amazon or Azure, have it all closed off to the Internet, and you could not
even have your office open up to the Internet, if that was what you wanted. So the word public is a bit misleading. Actually had a client about eight years ago say "shouldn't use the word public, it scares everybody". I'm like, I don't invent these words, ah sir. So yeah, we've touched on the multi-tenancy thing, you can have dedicated. Yeah, we touched on public. I can't meet compliance tiers: we already talked about that, how you can customize the compliance standards and they are there by default. Encryption access: so we talked about that earlier, they can't actually get access to your keys. You can keep your keys; they never even have them saved on their servers if you want. When
you generate a key it gives you an option: do you want to download this directly or do you want to save it in their vault? So you have that straightaway and you can lock them out totally. Obviously the risk with that: there's no backdoor; you lose that key, you lose your data. But at least you have that choice, and even if you did, if you accidentally delete it from their key management area, it's lost as well. So there is no circumstance where you can say "hey Amazon, can you look after my keys for me, and if I lose them can I get them back", or "can I do a password reset on this key so I can get about this";
there's not even an option to do that. Cloud is less secure than in-house: it's debatable. My preference, like I said, is I'm biased towards cloud. My theory is they've got a crackpot team working 24/7, security experts, some of the best of the world, watching over these data centers. It's far more than even most enterprise clients could have. And they're cookie-cutting it all; they're keeping people within boundaries and not just saying "hey, you can do whatever you like", which obviously opens up a lot more things to watch. If you can't touch it, you don't own it: so I think that's becoming debatable these days. I used to talk to government
officials that we used to talk about this, and I used to point out: well, do you go over the border with your BlackBerry? Are you using unencrypted email over AT&T network? Suddenly you're not touching the things that are in the white on the in the air, so you're actually breaking your own rules and regulations by actually ever using anything physically outside of Canada, because AT&T and them, they're buffering all your information that you're doing over the air. So maybe it's encrypted today; they can hold on to it and then break it in five years' time. But I think it was a good story the other week, wearer and that's our official is actually coming back into
the States, and there was all these Trump rules in place, and they took a copy of all these drives and everything. He refused at first, he's like "I'm a government official, I can't actually open up this for you". He reneged in the end, because there's no oversight over a lot of government authorities such as customs. So that was an interesting case where, like, what do they even want with that information? So I guess customs will be flying rockets over all these walls that we're going to build between Mexico and Canada soon. And then, yeah, cloud is offline: obviously you do have the problem of, if it is offline or your internet is down, you don't have access, but I think in the
world that most are living in today is the mobile workforce, and if your office internet is down, most people can go home and work from there. A lot of things are web-based now, and especially once you start going to the cloud you start putting these security and applications in there to be more mobile in the first place, so it sort of doesn't start to make you think outside the box as well. So is the cloud more secure?
So this is a very biased comparison here, but I was trying really hard to find more examples of public cloud companies getting hacked. The Code Spaces one I think was 2014, and one more cloud was the same. I think the reason why, if I'm going to talk a balance of why we've got so many on the right-hand side, is because it really comes down to that: if you were googling or looking for articles that Azure or AWS screwed up in security, it hasn't been them that screwed up, it's been the company that was running on their infrastructure. They've been hacked through their front ends that they were running, whether that be British Columbia,
they left the hard drive on a desk and were now transporting it between data centers and then it went missing. We all know about the U.S. problems that they've been having with different hackers and conspiracies. We know about Sony, was mentioned earlier, and I'm sure was mentioned a lot during the last two days, about their hack there. I was the first to say that wasn't North Korea; I guess we'll never know who. Target: that was a third party integrating into their environment, and that's where the breach happened. Yahoo and LinkedIn, even have a photo company that Yahoo... there was a lot of website-based companies that got hacked last year, with lots of email
and user addresses being leaked. But again, all those stories were not about their infrastructure being hacked; it was all about their front-end or vulnerabilities that they had on what they built on top of. But also, one of these guys are not building on Microsoft... well, actually, all these ones that I've listed here weren't built on Microsoft Azure or AWS, or Sony I believe is for putting things in AWS now.

So what does the future look like? I definitely believe the health sector is going to start getting attacked more. Death of the password: we've had so many leaks now of passwords, I think people not changing passwords, I think companies are going to have to take responsibility
more for enforcing multi-factor authentication. I'm still on the fence about Twitter and Facebook and them asking my phone number and wanting to send me a text message, and then all of a sudden they've got yet another little piece of information about me, but do need to do something. Be great if they had an app that let me do multi-factor authentication across everything, that enforcing me on what multi-factor authentication they're going to put in place. And yeah, ransomware: ransomware has been a big one, that's seen governments in Canada getting hit by this all over the place, and that's only going to increase anywhere that they're profiting, and they are profiting, and they're making good money out of this.
It's just not worth the time; the numbers that they ask in their ransom, not worth the time to actually mess about and try to fix the encryption. I mean, if you've got good backup and you've got good security in place, prevention is the only real cure to it, but like viruses back in the day they're evolving every day. And then, I think I heard somebody on stage mention this earlier, so there might have been an announcement yesterday about this, but I know that Canada has been considering a data breach bill, and it's something that's getting implemented in the EU this year, meaning about being elderly being announcing things. I think it's within 90 days of there being a data breach you
need to be announcing that publicly, otherwise you're going to face some tough sanctions. That really shows that, like, documenting and having a plan in proof in place for when those things happen is pretty critical. So yeah, so how can we overcome this, how can we prevent it? Planning, as I was talking about, whether that's planning with templates, blueprints, putting some governance in place to make sure you know who has access to what, what they're allowed to do, doing it by scripting, templates and code instead of GUI interfaces, and also having documentation about your processes, whether that be... when we do a DR we don't want to be running around with our heads on fire and just do
whatever works we want to make sure that the security is still in place when the DR goes into effect when we have a breach do we have documentation on how we release that to the public so education making sure that everybody's up to speed everybody is confident about what you're doing accountability that's all about the governance making sure we're documenting and making people accountable for what is actually going on and in a certain situation who to turn to audit logs and tracking ties back to accountability as well being able to have those things in place make sure it doesn't get lost and make sure those things are turned on and that everybody is agreeing to it and
that you have minimum standard thresholds in place so shared responsibility just pointing out edge security of story about earlier Sophos having one of the most popular UTM devices on Amazon they also have an XG device the firewall and they're coming out with a UTM very shortly just like Amazon's one on Azure internal security making sure that you have malware and other protections and this but especially if you're running VDI in the cloud it's become quite cost effective to have virtual desktops and applications running in the cloud and then there's patching your typical data security network design making sure you have a DMZ demilitarized zone you in private and public subnets making sure that those things are separated
I mean Amazon and Microsoft to us isolating things from the hardware level but you've got to also do that from the virtual network level as well and resource tagging is an interesting one as well you can actually tag resources within your cloud environment this can be interesting for alerts chargeback for billing things like that and lastly just there's a plug for ourselves just working with a partner we've got lots of experience managed services and support having somebody to call on at any time not just taking a guess or feeling like hey everybody in this room has never done this before agree with what I'm about to do have a partner that you work with who has that experience across your
industry and your templates and things that you're putting up there make sure they have mentorship you don't want to just be calling up when something breaks you want to be able to call them to actually say hey I've just written this script to deploy my hundred servers out there can you have a look see if I've made a mistake see if I've accidentally put three extra zeros in front to delete something so you don't have an outage like what happened with Amazon the other week assessment so we can also help you with assessments maybe that's a once-a-year audit to make sure that you guys are still following everything you talked about or whether management just thinks that you're
practicing that but in practice it's not actually happening and then yeah like hybrid cloud there's a lot to know differences between traditional private cloud and the public cloud how do those work together find a partner that has experience on both you don't want somebody who just knows data center and is biased towards that you don't want somebody who just knows cloud and is going to stop everything in that box for you want somebody who even if you do go 100% cloud you know that you sized it up you made sure that the traditional data center was not the right choice and make sure they're certified there's lots of people out there saying that they're managed service
providers but are they certified are they certified are they winning awards from companies like MSPmentor are they certified by the cloud provider themselves I know that we get independently audited by Amazon every year and we're the only Canadian company that has been certified as an MSP with Amazon for example so just lastly to wrap up I just wanted to thank Alex for the beers and putting on this I think it's been a very valuable event for everybody if I speak just I don't know where Alex is but I just wanted to give a clap since we're wrapping up the day and we've one last great speaker to come up here about health industry but yeah I
just wanted to thank them and just lastly myself I run a local community group here in Vancouver and Seattle we run it every month it's free come have free beers and food and network and we always have two great speakers on the talk about cloud in general anybody is interested in speaking volunteering helping being engaged in any way other than just attending and learning and networking with others let me know there's the next event or you can always go to the website to see when the next event the next month is on as well thank you everybody for your time if there's any questions I could take a quick a few there's still time I know how I'm going
exactly to time
ah hello question I'm wondering what what is your general impression on the security posture and security controls between Azure and AWS it was stronger in some areas than other
when you talk about Azure and AWS I think they're pretty equal when I get into pricing it gets a bit more interesting everyday changes but security they're pretty much on par the only difference I see is that Microsoft let you actually see their data center Amazon doesn't that really depends whether you're a doubting Thomas or not whether you just trusted Amazon's doing everything right but I mean the fact that they have all those independent compliance audits happening gives me the trust that somebody from an
authority is actually keep you on path and when it comes to compliance as well it's pretty much neck and neck like they each one comes out with a different ISO standard or something every few months and then the other one hits back with something else sort of these so they're pretty much they've got all the core stuff covered is my feeling they're pretty on par when you start talking about other providers like Google and IBM and that then that would be a different story I have not done a comparison but I imagine that they're not up to the same sort of par is my guess
I've got a question about the route sovereignty requirement I
understand recently Microsoft and other providers have to have a route through the Canada to their VPN sites like Microsoft ExpressRoute and any other VPN it has to be going through Canadian as these versus making a little turn to US and come back to Canada can you shed some light on that
I haven't I know that last year when I was checking up on that yeah it was true that they didn't have Direct Connect and ExpressRoute it is coming it will be coming the questions really about that direct line that talking about from your office or data center to their Canadian data center is that eeeh I have not checked up recently but I know is that obviously they focus
on the data center first getting that all up to parity with the other data centers they have around the world so that you can expect the same services across things and that that backbone network is obviously something that yeah would be something that would be one of the last things but obviously an important thing as well like obviously they have a lot more advanced features that are going to come after that and I think that that would be next on their radar if not I haven't kept up in the last few months whether one or the other has released anything yet but I do know what I was talking to a partner of ours just a couple of months ago that what we
were waiting for that so so it's definitely coming I just don't know when
hey there hi I was wondering about the serverless stuff so there's Azure Functions and AWS Lambda if you flicked it those if there's any surprises they seem like they're pretty solid in terms of security
it's interesting that you say that last night I was I stumbled upon an article about security with serverless architecture I didn't read it yet ah but hey yeah I mean again that started serverless architecture is really where you're doing everything by code you're not actually having a Windows server running again there would be a certain point where it's your responsibility so it's probably like if
we were to look at those models of infrastructure like infrastructure as a service platform as a service and SaaS serverless architecture or no not technically correct would probably sit at that PaaS level where they've taken the server operating system and all that away from you but you've still got to look after is your code doing things correctly have you set up the right security groups ACL lists and those sort of permissions and security access so the networking piece still operates the same that's wrapped around your serverless code I probably doesn't answer it I I'm going to read that article tonight when I get home
I'm wondering when you guys have customers that come to you and say we want to move
to the cloud whether incrementally or lift and shift what is it that differentiates your recommendations regarding one provider over another why would I pick one cloud provider over another
exactly it's a hard one it's it's definitely something being agnostic I'm doing it every day re-evaluating which way I and to direct people it really depends on what they're doing we really focus on the applications a lot of clients look at me weird I they say here's the CPU here's the memory here's a disk space and they go all let's not even go there yet let's talk about the applications what are you running what what sort of access to the applications need what now let's look at like just
off my head I'll be like ok so that is much more expensive to run in Azure because they just don't have that as a service yet or maybe it's more expensive to run in Amazon because they don't fully support it or you've got some licensing agreement with Microsoft to bring it over a lot of time it's cost and how close to the ecosystems are those to favor Microsoft obviously of it favoring their Microsoft ecosystem although they are friendly to open-source I mean SQL databases can now run on Linux ah the hell has frozen over now but yeah Amazon is has a lot more choice and options around open source a lot of times you can get more granular on
costing and things with Amazon on that way so it normally comes down to a cost thing and compatibility for what you're doing but both work very well and if you just move running virtual machines it normally becomes an exact cost comparison feature comparison they can both pretty much do the same things it's just one is slightly better at open-source in my opinion one is slightly better at our Microsoft ecosystem
you've got talked a couple of times about private connections to cloud providers I just want to share with the group that a company called Console is launching in Vancouver shortly and they have dedicated connections to 170 data centers worldwide and if you can get to
them at the Harbour Centre actually they'll be co-located with Cologix it's about $400 for a 100 into any date any of those data centers in North America and you can buy the hundred meg and you can actually split fifty meg to Oregon and 50 meg to Montreal or any combination of those data centers and the the traffic goes up to ten gigs if you want and if you're playing in that larrya
so sorry just clarified you're saying that they're doing Amazon and Microsoft in Canada correct okay cool so they must have opened it up then yep so what was the name of the company console hello and Sol II okay oh I will look them up afterwards and a few others who
will so thank you for sharing that if that is everybody thank you for your time and yeah if anybody has any questions afterwards feel free to come and find me