Cloud security evolves quickly. What worked well even a few months prior can be outmoded and forgotten as devops teams find new and better ways to build infrastructures and workflows. But as the saying goes: the more things change, the more they stay the same.Some concepts in information security remain the standard for the theories that today’s devops teams use to build new technologies and processes. Many older yet essential ideas are woven into the fabric of the tools we use every day. One of these foundational concepts for cloud security is pets versus cattle. The pets versus cattle analogy influences many decisions and processes made on devops teams as cloud infrastructures grow in size and importance. Here’s four reasons why the barnyard-sounding metaphor still persists in the memories of devops teams around the cloud security world, and how organizations can adopt these foundational ideas for more efficient cloud operations.
#1: Cute and cuddly pets aren’t always the best fit for cloud security
The pets versus cattle analogy is fairly simple: think of how much bandwidth a person puts into caring for a cute pet like a puppy or kitten, versus how much care goes into maintaining a herd of cows on a farm. The puppy will get all the trappings of individualized attention, like a name, toys, tasty food and treats, and specialized medical care when they’re sick or injured. On the other hand, cattle typically don’t have names and they don’t require the same level of nurturing and attention as the puppy. The two sets of animals are essential to the farmer, but the level of maintenance differs wildly.Pets are high maintenance. In cloud security terms, this maps to processes and hardware that require a ton of attention and resources to maintain. Cattle are lower maintenance, which makes it easier to replace them and make nimble decisions if they get sick (cows) or lose functionality (cloud systems). It’s a blunt way to look at things—especially if you’re an animal lover—but it can give a lot of context into how teams can save time, money, and resources on their devops needs. Randy Bias explains the difference between pets and cattle in computing:
- Pets as servers or server pairs are treated as indispensable or unique systems that can never be down. Typically they are manually built and managed. Examples include mainframes, solitary servers, high availability (HA) load balancers/firewalls (active/active or active/passive), or database systems designed as primary/replica.
- Cattle as arrays of more than two servers are built using automated tools, and are designed for failure, where no servers on the chain are irreplaceable. Examples include web server arrays, multi primary datastores such as Cassandra clusters, multiple racks of gear put together in clusters, and just about anything that is load-balanced and multi primary.
The most important thing to remember from the pets versus cattle discussion is which processes should be unique and indispensable versus which ones can be disposable and function as one of the herd.
As organizations ramp up their cloud presence, security priorities can be defined by the pets versus cattle idea to help devops teams stay nimble when building infrastructures and creating security policies.
#2: Cattle can lead the way to an elastic cloud security posture
For pets versus cattle to work as a cloud security concept, teams must understand why the cattle idea is so powerful. As Randy Bias shares in his presentation on how to use the pets versus cattle concept effectively, failure is inevitable. As systems, servers, and apps fail, the top priority is limiting the damage and keeping everything online as much as possible. An elastic future of cloud security is possible through cattle-like construction: building things to fail with minimal impact and planning routes around failure.Cattle-based thinking allows for no required human intervention during failure events. An array built on the cattle concept exhibits attributes of routing around failures by restarting failed servers or replicating data through strategies like triple replication or erasure coding. A more individualized, pet-centric approach would require direct human intervention when failures occur — racking up time and money lost from diverting resources to fix the error.
A cattle approach allows cloud security teams to think proactively about to their systems, replacing the reactive tactic of fixing things after they break. This is one case where it’s good to be part of the herd.
#3: Scaling out with cattle versus scaling up with pets
The metaphor of one trusted companion (a pet) versus a hardworking herd (cattle) helped define one of the biggest paradigm shifts in cloud computing: scaling out over scaling up. Growth is one of cloud adoption’s main attributes, but organizations are rethinking how to make that growth work both as an immediate solution to their limitations and as a sustainable, long-term solution.Scaling up means adding more resources on an existing server's hardware, like CPU and memory. But this can be hard to sustain as individual pieces of hardware have limits. Scaling out is based on the idea of horizontal scalability: adding more simple servers rather than buying a powerful single machine. Netflix, Uber, and Amazon use this to provide the same user experience to a large number of customers around the world. Amazon Web Services (AWS) especially uses scale out computing to allow their customers to easily deploy and operate a multiuser environment for computationally intensive workflows. When measuring your organization's scalability, it helps to think in terms of this list:
- Higher volumes of data: Meeting large cloud storage capacity needs is a must, plus the high demand from users searching, sorting, and reading data throughout the cloud.
- Higher concurrency: Cloud applications can struggle with high concurrency — the number of users who can interact with a system at the same time without the extra loads impacting their experience. As more user sessions in the cloud are active at the same time processing connections, threads, messages, and data flows in parallel, all requests are processed by the same servers.
- Higher interaction rate: This measures how often users exchange some data on your servers. The rate of interactions can increase or decrease according to the type of applications running on the servers, like how an online multiplayer game has a high interaction rate because it has to exchange messages multiple times per second between multiple nodes in the application.
The challenges of scaling can be addressed with a cattle-first approach to cloud security. Many components of your cloud systems are already under tremendous stress. Give them a break with a simpler security solution based on cattle over pets.
#4: Kubernetes can make better cattle than pets
Kubernetes is growing in popularity as containers in cloud systems. But the new dog can still fall for old tricks. Devops teams working with Kubernetes clusters sometimes find themselves relying on pets-focused thinking with these containers. As the de facto standard for cloud operations including security, Kubernetes simplifies the process of deploying and orchestrating containers. However, installing, managing, and updating Kubernetes itself is no simple undertaking. Some companies are treating their Kubernetes clusters as pets, running a few large vital clusters rather than multiple smaller replaceable clusters — which is in direct contradiction to the cloud-native principles Kubernetes was founded on.The cattle approach brings out the best in Kubernetes clusters. Security leaders can see the savings directly in the company’s bottom line. In a case study with the CNCF, when a mobile app company standardized their provisioning and outage recovery with Kubernetes, they reduced their outage time by 88%. Treating infrastructure as cattle allows companies to simply replace their infrastructure and come back online sooner.
Outages equal lost sales. Pets cost more than cattle. If you’re ever looking for a simple explanation for choosing cattle over pets, this should suffice.
Simplifying cloud security can make the incoming wave of new cloud adopters much easier to manage. Consider the following stats about cloud growth in 2020:
- By the end of 2020, 67% of enterprise infrastructure will be cloud-based.
- 82% of that workload will reside on the cloud by the end of this year.
- The average person uses 36 cloud-based services every day.
Cloud security professionals face tough decisions that can impact their organizations’ entire security posture. You can find answers by understanding where pets versus cattle can apply in your security tech stack. Try starting some conversations within your teams about pets versus cattle and see where the new ideas can take you.
About Nightfall
Nightfall is a best of breed cloud-native data loss prevention platform that can automatically discover, classify, and protect data within SaaS and IaaS cloud environments. With over 100+ machine learning detectors for sensitive data and customizable remediation workflows, Nightfall is an easy to deploy cloud security solution that can quickly address data leakage within platforms like AWS, Slack, Jira, and many others. Learn more by scheduling a demo with us below: