The Shanghai police think like you, so they purchased a very expensive "private deployment of Alibaba Cloud", which in China usually works like this:
1. The customer builds a data center.
2. Alibaba Cloud purchases servers and deploys them in the customer's data center along with all the Alibaba Cloud software (the same as in the public cloud).
3. The customer does whatever they want with the thing.
Basically, by "private cloud" they really mean it, something AWS won't ever do.
In this case, the system is technically "not connected to the Internet", but we all know what this means: it certainly will be occasionally.
In most cases I know of, the customer cites "data security" as the reason they would like to do this, because on-prem is always more secure, right? But I hope we can agree on why this does not work:
- It is now very difficult for Alibaba Cloud to do ops work on these private deployments, so... there will be maybe 2 releases per year, or in some cases never, including security patches. It's not rare to find a 5-year-old Struts2 vuln in the control plane of such private deployments, and in the coming years it would be Log4j2, I guess.
- Alibaba Cloud puts serious effort into securing their public cloud, and even covers the ass for the customer. For example, similar to GitHub+AWS secret scanning, they also proactively revoke access keys once a key appears on the Internet. The customers, on the other hand, usually do none of this.
In short, security is largely Ops work, and economies of scale also apply here.
In the end these on-prem systems depend solely on network isolation for their security, and... air gaps do not always work.