The realm of cloud services has seen a significant expansion in recent years, introducing various experimental offerings along with those that are rapidly maturing and gaining users. Among these new offerings is a service called supercloud, also known as application migration as a service. Supercloud is set to become a prominent player in the field, raising concerns about its security implications.
While the concept of supercloud has been discussed since 2016, its true potential is only now being recognized. In simple terms, supercloud facilitates seamless movement and operation of applications across multiple cloud environments, including private clouds. The goal is to address the challenges of compatibility and manageability within a multi-cloud architecture, thereby reducing headaches and potential complications.
The benefits offered by supercloud are particularly appealing to organizations already invested in multi-cloud environments, which often find them cumbersome, expensive, and difficult to operate and maintain. Supercloud allows applications to run in virtual machines (VMs), containers, or as abstracted code, similar to serverless computing, in any region with network connectivity to major public cloud service providers (CSPs) like AWS, Microsoft Azure, and Google Cloud. Additionally, applications can leverage the cloud-native functions and services of each CSP without requiring customization to support their individual frameworks. Instead, the supercloud provider abstracts these functions and services, making them accessible and easily manageable through a single environment. As a result, organizations can optimize their cloud resources and potentially reduce costs by utilizing a variety of cloud services simultaneously.
However, the implementation of supercloud raises concerns regarding security, which is already a significant challenge for managing multi-cloud deployments. Security teams have come to realize that each cloud environment requires unique skills, different processes, and workflows, as well as the potential introduction of new security products and services. Unfortunately, the introduction of supercloud doesn’t necessarily alleviate these challenges. Instead, it creates additional security risks that could impact organizations.
One of the primary concerns associated with supercloud is the issue of vendor lock-in. While supercloud enhances portability and interconnectivity, shifting from one supercloud provider to another may not be a seamless process. Moreover, supercloud introduces a potential single point of failure, necessitating close attention to service-level agreements and resiliency measures by security and operations teams.
Furthermore, the centralized nature of the supercloud provider creates a significant threat surface and potential compromise across multiple disparate environments. Security teams already struggle to maintain adequate visibility, detection, and response capabilities in each cloud they operate in. Adding a supercloud abstraction layer is unlikely to improve this situation. A single compromised privileged user, such as a cloud engineer or DevOps engineer, could potentially cause havoc across an organization’s entire cloud stack. Identity and access management in the cloud is an existing concern, and careful definition of privileges and guardrails is essential to mitigate supercloud security problems and escalate insider threats or other scenarios.
While supercloud holds promise, it is still relatively new and untested, making it challenging to gauge all its risks accurately. One foreseeable risk, however, concerns the potential loss or lack of skills in each respective cloud as organizations transition to an abstraction layer. This could impair the ability of security teams to identify vulnerabilities within specific clouds, leaving them increasingly handicapped in their efforts to protect organizational assets.
It is worth noting that supercloud does not aim to replace existing leading providers such as AWS, Microsoft Azure, or Google Cloud. These providers offer foundational software-defined infrastructure for storage, networking, orchestration, and more. Supercloud merely applies a glossy layer of abstraction on top. However, this veneer could be detrimental if organizations lack the knowledge and expertise to architect and operate assets within each cloud independently.
Only time will reveal the true implications and benefits of supercloud, but until then, it might be worthwhile to consider a more fitting name for the concept. After all, “supercloud” does not inspire confidence. Perhaps a more creative and engaging term could be utilized instead, unless we want to find ourselves discussing the merits of “batcloud” in the near future.