What is a Cloud Engineer and how many types are there?

Benefits & Challenges

More and more companies out there are discovering the benefits of the cloud and migrating or developing their systems to take advantage of them. The most important reason is, of course, taking from their shoulders the weight of having to maintain expensive and critical server infrastructure in-house, and instead leaving it to a specialized company.

Still, adapting to the cloud is not exactly simple. If you already use an in-house system and have been using it for years, it means transferring gigabytes or terabytes of data and making it work over the internet (if it was designed to work in an intranet). And lots of things can go wrong in the transition process.

And if you are just starting to implement a system and want it in the cloud, you also need someone with experience in it to oversee implementation, choose the best cloud plans and maintain contact with the cloud provider in order to solve problems, do maintenance and keep track of server status.

And the people responsible for these kinds of jobs are normally referred to as cloud engineers. Still, as using the cloud brings its own set of challenges, cloud engineers tend to specialize in one specific side of it, meaning there are many types of cloud engineers out there. Here are some of them: Jailbreaking VS Rooting 

Cloud architect

The cloud architect is the one in charge of infrastructure. That is, they are the ones in charge of figuring out which is the best cloud plan and cloud company to pick for the application you have in mind, as well as figuring out how best to take advantage of the cloud, designing the applications that will be hosted in it, how other applications will interact with, among others.

That is, they are the others in charge of figuring out how things are going to work.

Software engineer

The cloud software engineer is the one in charge of actually developing those applications. They need to master programming languages that specialize in creating server software, such as programming languages designed for web development, and also need to have experience with these kinds of server software development, as cloud servers can be much more complex than web servers.

The software engineer mainly needs to lead the software development team and choose the languages, tools, techniques, philosophy and methodology that will be used to develop all the software involved with the cloud, as well as figuring out how the cloud software will connect with the local software or apps that it needs to be connected to.

Network engineer

As the cloud servers have to connect to local computers, tablets and phones over the internet, it is also critical to keep the internet infrastructure up and running to ensure everything goes smoothly. While there isn’t much that can be done about the cloud servers themselves, you’ll need to ensure that you have a good enough internet plan, that the network infrastructure in the company is able to handle all the traffic it needs to, and that all computers remain connected to the internet.

There may also be other upgrades which can be considered if needed, such as local caching servers, creating an intranet, controlling internet access, among others, which can also be done by network engineers if they feel it may be necessary in order to increase network speed and reduce internet traffic.

Security engineer

And, of course, as you have to connect to the cloud over the internet, it means it is also less safe than a hidden, local intranet. So, you need someone that ensures the cloud servers are secure, in order to prevent hacks and database breaches. The security engineer also has to ensure that connections to the cloud are secure whenever possible, such as by use of encryption and VPNs, in order to prevent traffic from being intercepted too.

The cloud is very powerful and can bring you many benefits. But to reap all these benefits, it is also important to have the right professionals by your side.

Why Cybersecurity is One of the Fastest Growing Tech Fields Today.

The Never Ending Increase of Severe Cyber Attacks.

On May 7, the system of a Southeastern American pipeline was struck by ransomware, a computer virus that encrypts the computer’s entire storage and turns it hostage. The virus’s creator will only allow the users to restore their data upon payment of a (pretty large) amount of money. In this case, it was 75 bitcoins, that is, 4.4 million dollars.

Last week, a group invaded the servers of EA (Electronic Arts), one of the largest game publishers around, and managed to steal about 780 GB of data, including source code and assets of games yet to be launched, such as FIFA 21 and Battlefield 2042.

Not to mention that database breaches are becoming ever more common. Recent large and famous leaked data include information of 500 million Facebook users (April 2021),  2.3 million Indonesian citizens (May 22, 2020), 6.9 million Dutch citizens (March 11, 2020), 220 million Brazilian citizens (January 2021), 250 million support records from Microsoft (January 22, 2020), among many, many others.

We have a problem

For most companies, even tech companies, cybersecurity has always been a secondary matter. Many more investments were made in physical security (such as implementation of security systems in company headquarters) than in securing their servers and terminals.

And that is because hacking wasn’t such a common problem for a long time. It used to be very difficult to manage to learn how to crack open databases and invade server farms. Companies would suffer breaches only when they didn’t take simple measures such as encrypting their databases. The main problems were dealing with software and hardware cracking/jailbreaking, like those that happen to the iPhone (remember GeoHot?), game consoles and PC games.

Now, however, there are thousands of internet forums and groups dedicated to cracking software and doing malicious hacking, everywhere in the world, and those guys even manage to crack especially difficult anti-piracy software, such as the famous Denuvo, in a matter of days. There are reportedly even military hacker armies in some countries, such as Russia, Iran and North Korea.

Better late than never

With the rise of data breaches, many measures came forward in order to try to prevent more of them. On one side, large tech companies started investing in cybersecurity, and some cybersecurity startups and products started to come up left and right, such as Cloudflare, ThreatLocker and VPNs. On the other side, it also caught the attention of governments everywhere, leading to the creation of General Data Protection Regulation (GDPR) in the European Union, which then became a model for data protection laws in other countries. So, if getting the bad fame of having your data breached wasn’t enough incentive to invest in cybersecurity, a big enough fine accompanying it probably would be.

So now, of course, every company out there is scrambling to catch on to the hackers and protect their servers, terminals, and whatever kind of software and hardware they have that is connected to the internet – along with measures to prevent other kinds of data breaches, such as break-ins and social engineering (ever watched Mr. Robot?).

However, creating effective cybersecurity is pretty hard.

You see, you can’t major in cyber security awareness, for example, nor do any kind of specialized course focused on it. There may be one or two courses on it during a major in Computer Science, or maybe just a lecture. If you’re lucky, maybe there are graduate programs on it.

Hacking, and by extension cybersecurity, is still more of a craft: you have the masters, and you have the apprentices learning from them. It is a very secretive endeavor, and you have to know your way around the deep web in order to learn more. And that means putting yourself at risk: if those guys can play around with huge tech companies and government databases, they can just as easily find out who you are if you take a step in the wrong direction.

So, cybersecurity is in high demand – but the supply of good white hat hackers is still far from enough. Meanwhile, the black hats are thriving. How do you think this is going to end?

Cyberespionage & Weaponized Social Media

Cyberwarfare: what is it exactly?

Cyberwarfare is war 2.0. Instead of wasting a lot of time and resources into trying to bring down an entire country, you just need to take advantage of everything the internet and information technology brought us to cause some chaos and profit from it. And if you know how to do it well, then you won’t even get any kind of retaliation.

The thing is, because cyberwarfare is such a new concept, sometimes it is hard to figure what exactly it is. Cyberwarfare is not mere hacking and hacktivism, like Anonymous does. It is the internet being weaponized, along with the employment of militarized hackers and crackers following someone’s orders.

Let’s talk a bit about how it all works.

Leave no trace

Cyber attacks such as invading and disrupting systems or stealing information commonly leave behind the invader’s IP address. It is always logged somewhere on the server. Even though ISPs commonly use dynamic IP addresses (that is, they change with time), you can at least find out the person’s country of origin from it.

However, there are many ways to hide someone’s IP, which are already commonly used by hackers and also by common internet users too.

The crude, older way is by using proxies: remote servers which act as a “middle man” between the user and the server that user is looking for. Because of this, the IP that the end server receives is actually the proxy’s IP.

The most modern way however is by using Virtual Private Networks (VPNs). They act similarly to proxies, but commonly feature some added benefits such as higher anonymity and data streams protected by cryptography.

If the objective is to make a server go down, that is even easier: Distributed Denial of Service (DDoS) attacks commonly involve thousands of random devices throughout the world which were infected with malware, and then act without the theirs owner’s knowledge.

Cyberespionage

The most useful part of cyberwarfare is definitely cyberespionage. With the usual espionage, you have great risks of being traced, because you need agents in place to obtain information for you. They can be either one of your agents, or a foreign person that is hired to do that stuff. Obviously, your own agents are more at risk of being exposed, while the foreign ones are more at risk of exposing you.

With cyber attacks, however, tracing is much more difficult. You can land keyloggers, spyware and other kinds of malware into many different computers anywhere you want. You can hack straight into databases while hidden behind layers of proxies and VPNs and get exactly what you want. It can be a bit harder to pull off, but the risks are lower and the reward is greater.

This way, you can steal information from various government agencies, companies and individuals. Not even rigid, high-tech security systems may avoid these kinds of attacks. If you’ve watched “Mr. Robot”, you know what this is about.

Weaponized social media

The most covert type of cyberwarfare, and sometimes the most effective, is taking advantage of social media’s (and the internet’s) anonymity in order to spread propaganda and fake news, and feign mass support for those pieces of information.

This is psychological warfare at its finest, and is able to swing the opinions of anyone, as long as whoever is coordinating it manages to make their information agree with their target audience’s current beliefs. Its effects can range from causing discord among politicians to swinging entire elections.

This works by creating a huge amount of pages and websites with different styles delivering about the same content, while another even greater amount of automated profiles interact with it on a daily basis. The sudden popularity will make those websites and pages more likely to appear to the human users, who may be intrigued by such popularity and look into it.

Although social media content policing is something rather controversial, it seems to be the only measure at this time which can curb these kinds of attacks, as they can quickly become a matter of internal security. Over time better measures may and will have to be created, as it seems that this new kind of warfare is here to stay.