Copiloting the Cloud with Dave Kerber
The concept of the cloud can be a little confusing, and downright magical.
The cloud refers to an intangible network of servers that work together to perform a number of services concerning data, it’s management, and storage.
With so much of our personal data being stored “on someone else’s computer” and a rise in ransomware hitting small businesses, how do you ensure your data is secure?
We sat down with Dave Kerber, founder of Cloud Copilot to chat about it on the Growing a Fruitful Brand podcast.
Cloud Copilot is a fast and effective solution for businesses who run AWS (Amazon Web Services) infrastructure for their business needs.
With ransomware posing a real threat to small businesses, Cloud Copilot provides support to manage and secure cloud hosted data and services to mitigate risk and monitor for threats.
What is the AWS shared responsibility model?
Simply put: AWS only assumes responsibility “of” the cloud.
The shared responsibility model states that as the user, you are responsible for utilizing best practices to securely host your data on AWS; including access management, data encryption, and firewall configuration.
As a business leader, you have enough to worry about, let alone trying to understand and monitor cloud computing best practices.
This is where Cloud Copilot comes in by offering an affordable, worry-free solution to managing and monitoring your data on AWS. Basically, let the geeks do the dirty work.
Learn more about Cloud Copilot and sign up for more information as the platform rolls out.
Listen in and geek out with Ben and Dave on this week’s episode of GaFB and learn more than you thought you wanted to know about cloud computing.
Ep. 37:
Copiloting the Cloud with Dave Kerber
Automated Transcript
Ben Lueders:
What is the cloud anyways, and why does it matter to small business leaders like you? Hey, welcome to Growing a Fruitful Brand where we discuss how to create and grow a brand that makes the world a better place for you, your customers, your employees. I'm Ben Lueders, founder, and art director of Fruitful Design Strategy, and today I'm talking to my friend Dave Kerber, founder of Cloud Copilot, an affordable, fast, powerful app that helps small companies manage their Amazon web servers and helps mitigate their risk of being hacked. Today, we get into what exactly the cloud even is, the dangers of ransomware and how Cloud Copilot focuses on the nerdy details of servers so that business leaders, you can focus on what you love most things like your clients, your products, your employees. I hope you enjoy my conversation today with Dave Kerber. Dave.
Dave Kerber:
Yeah.
Ben Lueders:
Thanks for being on.
Dave Kerber:
Thanks, Ben. I'm excited.
Ben Lueders:
So I don't remember when we met, but I know that we did some work together when you were doing Agape Red.
Dave Kerber:
Yeah. I remember.
Ben Lueders:
What was Agape Red?
Dave Kerber:
Agape Red was a local software consultancy. So I like to tell people, we literally built everything from accounting software to video games.
Ben Lueders:
You did video games?
Dave Kerber:
We did a video game once.
Ben Lueders:
That's awesome.
Dave Kerber:
It was very cool. It was mobile and web, iOS, Android. It was neat. But-
Ben Lueders:
That's awesome.
Dave Kerber:
... yeah, so it was a local consultancy that built software. We did startups, we did Fortune 500s, kind of anything.
Ben Lueders:
Yeah, it's kind of fun.
Dave Kerber:
It was.
Ben Lueders:
Now we should just talk about video games, the rest of the conversation.
Dave Kerber:
Have you played Tears of the Kingdom yet?
Ben Lueders:
No, I'm actually not much of a gamer, but my kids are wanting to make me more of a gamer.
Dave Kerber:
Nice.
Ben Lueders:
What's Tears of the Kingdom?
Dave Kerber:
It's the new Legend of Zelda game that just came out.
Ben Lueders:
Oh, yeah. So our copywriter is a big Zelda fan, and I didn't even realize that's what it's called, but she just calls it the new Zelda-
Dave Kerber:
Got it.
Ben Lueders:
... and I think she's been getting into that on the weekends. So...
Dave Kerber:
You got to be careful with it.
Ben Lueders:
Pretty good.
Dave Kerber:
Yeah.
Ben Lueders:
Awesome. Awesome. Okay. That's going to be all that we talk about.
Dave Kerber:
Okay.
Ben Lueders:
About video games. But Dave is kind of a serial entrepreneur guy. He is done a bunch of different things. Agape Red turned into OpsCompass, and now he's got a new thing that he's repping. You might have noticed he's got this shirt. This isn't just a graphic tee from Target.
Dave Kerber:
There we go.
Ben Lueders:
But Cloud Copilot. And so today we want to get into the cloud, and I know that's kind of a buzzword. People have been saying this for a while. Our audience is a little bit mixed. I think there's going to be some people who kind of live and breathe the cloud. And then others, maybe more like me are when they think of the cloud, they think of more Google Drive, Dropbox, that kind of a thing, like the files up in the cloud. So I just thought maybe Dave, to kind of start, could you just define what you mean when you talk about the cloud?
Dave Kerber:
Yeah, sure. The cloud generally could just be described as other people's computers.
Ben Lueders:
I like that.
Dave Kerber:
And those other people are generally giant corporations. So as technology evolved, we used to have big giant mainframes that were the size of buildings, and they got smaller and smaller and smaller. And then eventually it was data centers all over the country in the world. And I remember in a previous role, we had servers at a co-location facility, and sometimes things would go wrong, and I'd have to drive down there and really go into this raised floor air-conditioned room just to push a button and be like, "Okay, the site's back-up."
Ben Lueders:
Wow.
Dave Kerber:
And-
Ben Lueders:
That was 1975.
Dave Kerber:
Yeah.
Ben Lueders:
It was long time ago.
Dave Kerber:
Exactly. Exactly. And then in 2007, Amazon, as part of the infrastructure they were building out for this massive e-commerce site they were building, they needed a way to scale it and make it more flexible. And they decided to make that available to customers. And that was their first service was Amazon S3 for Simple Storage Service and-
Ben Lueders:
S3.
Dave Kerber:
... how do you store files online? How do you make that really easy? And then they eventually did a elastic cloud compute, which is how can you, through software spin up a server.
Ben Lueders:
Wow.
Dave Kerber:
And then that came out. And then the cloud generally was born. And now that is a huge trillion business across several different companies. It kind of falls into three main categories. There's infrastructure as a service, which is like, "I need servers, and you can do anything with those servers." There's also platforms as a service. So I need a database, right? And Amazon, you know how to manage databases. So I'm going to let you do all of that and just tell me how to connect to it. And I'm going to put data into it and pull data out of it. And then SaaS, which is probably what most people are familiar with.
Ben Lueders:
Software as a service.
Dave Kerber:
Software as a service.
Ben Lueders:
I know you all know that, but just trying to impress you.
Dave Kerber:
Yeah. So if you use Salesforce or HubSpot, or even like you said, iCloud, right? That's what that's SaaS that you pay Apple for every month, and it runs that software as a service for you.
Ben Lueders:
Well, the thing that's interesting that the term, the cloud just sounds so ethereal and magical. It's just like things are swirling around us in the sky. But I love how you define that about basically using someone else's computer. I mean, there are still literally just huge servers holding tons of information. And even though it seems just unlimited and magical to those of us on the side of it, I mean, there has to be real boots on the ground, physical infrastructure for all this stuff. Where are these places? Where are they like?
Dave Kerber:
Yeah, that's a great question. They're all over the world. And so it's started in Virginia with AWS. That was their first data center.
Ben Lueders:
Oh, I didn't realize that.
Dave Kerber:
Yeah, so US-East-1, that's where it all started. And they have, I believe, 33 regions around the world now. So four in the United States, they've got Canada, South America, Africa, Europe-
Ben Lueders:
Crazy.
Dave Kerber:
... Southeast Asia. They're everywhere. And like you said, for all of this, there's somebody walking around going, "Oh, that hard drive failed. Better swap that out and put the new one in and go through all the process to destroy it and make sure all the data's protected and everything." And it's a significant operation to keep it all running.
Ben Lueders:
And so it seems like the reason why the biggest players are the ones that kind of run most of the world is they probably have just the infrastructure, the hands on deck to be able to do this at a really high capacity. Isn't that true? You wouldn't want to be physically the guy responsible for these physical computers, would you?
Dave Kerber:
No, I've done that and absolutely not.
Ben Lueders:
Yeah. Sounds like you've done that.
Dave Kerber:
Never. Never again. But yeah, it's a huge capital investment. So you're talking hundreds of millions or billions of dollars to build these data centers, and then they are... One of the other advantages of the cloud is you don't have to purchase the hardware and you pay for what you use. So I can go spin up a AI service in Amazon, a server that can run ChatGPT and run it for an hour and just pay for that one hour. So it's a huge capital investment to build all of that capacity. So you need to have, first and foremost, a giant checkbook to build all of that physical infrastructure to make that service available. And there's no guarantee that's going to be utilized 100%. So it really is a long term bet on their part of that overall trend of getting away from having your own physical servers or onsite mainframes to that more variable capacity outsourcing more and more of that, what they call undifferentiated heavy lifting to the big players.
Ben Lueders:
And so we're going to get into what Cloud Copilot is, Dave's thing, but before we do Amazon, which we've already been talking about, they're the biggest, right? Or the most popular. You said they're a third, is that a third of the cloud infrastructure.
Dave Kerber:
So they created the segment and they still represent about a third of the cloud space.
Ben Lueders:
Got it. And Microsoft is the runner up there, basically.
Dave Kerber:
Yep, yep. Microsoft Azure is what it's called. And then Google Cloud platform is the third largest GCP is what it's called. Yep.
Ben Lueders:
Got it.
Dave Kerber:
And they're trying to catch up.
Ben Lueders:
They're trying to catch up.
Dave Kerber:
Yeah.
Ben Lueders:
So one of the things that you sent me in preparation for this show was a link on the AWS website about their shared responsibility model. Can you kind of unpack that for our listeners, what that means and why it's relevant to our conversation?
Dave Kerber:
Yeah, absolutely. So shared responsibility model is for security of your cloud environment, right? AWS is going to have physical security covered, right? They're going to make sure that the machines they're hosting it on is safe and secure. They're going to make sure that one virtual machine can't sneak into another virtual machine, right? It's what they call essentially security of the cloud. So the cloud is a secure place where you can operate, and then at a certain point, they give you the keys and they say, "Okay, you can do whatever you want."
Ben Lueders:
You can screw it up.
Dave Kerber:
Exactly. Yes. Exactly. And so there's things you can do that might make sense in a certain context of like, "Oh, no, no, really, that's what I meant to do." But would be terrible decisions in most contexts and as the customer have to make those decisions yourself, and that's on you, and that's security in the cloud.
Ben Lueders:
Got it.
Dave Kerber:
Those are the things within your control that affect your security and the safety of your data.
Ben Lueders:
So wait, are you saying that AWS servers sometimes get hacked and that there's sometimes cybersecurity issues with people using AWS?
Dave Kerber:
Oh, yeah. All the time. The most famous one I can think of was, I believe in 2019, Capital One was hacked. Again, there was nothing wrong with AWS. AWS executed exactly how they said they would, and through a combination of some vulnerabilities in their software and through some vulnerabilities in their configuration, which is where Cloud Copilot hopes to help quite a bit of customer data was compromised through that process.
Ben Lueders:
Wow. That's crazy.
Dave Kerber:
Yeah, I mean, we can dive into that 'cause it gets really, really interesting. But yeah.
Ben Lueders:
So let's get into the Cloud Copilot a little bit.
Dave Kerber:
Sure.
Ben Lueders:
If somebody works with you, I mean, let's just start with you defining what is Cloud Copilot? Who is it for? How does it work?
Dave Kerber:
Yeah, so Cloud Copilot is SaaS software for small companies. So we're targeting companies less than 50 people that use AWS. And the reason we're targeting that is if you're building software, so if you're a startup that's building some software, you're going to need to host it in the cloud. There's at least a one third chance you're going to put it on AWS. And as you're doing that, you want to spend most of your time thinking about your customers, right?
Ben Lueders:
Yes.
Dave Kerber:
And you don't want to spend, ideally zero of your time thinking about the shared responsibility model and how you're going to secure all of these things and make sure all the dials and knobs in the cloud are configured correctly.
Ben Lueders:
So if you were bored by a little bit of the beginning of this podcast, it's because you don't want to have to be thinking about this stuff. You want geeks like Dave thinking about all this stuff, if you're not familiar with the I wasn't the shared responsibility model because yeah, you want to be worried about or thinking about your customers and your clients-
Dave Kerber:
Absolutely.
Ben Lueders:
... and your product and all the stuff that we talk about on this podcast all the time. And you want guys like this and Cloud Copilot worrying about this nerdy stuff. That's so super important.
Dave Kerber:
Exactly. Yeah, it's super important, but it's also not differentiating. There's only downside to it. There's no upside to not getting hacked. So it's one of those things, it's kind of like insurance. You don't feel great in life because of who your car insurance carrier is. They're just there in case something goes wrong in Cloud Copilot's case, we're here to prevent things from going wrong. So you want to spend your time thinking about your customers. So this is SaaS software that you can hook up to your AWS environment. It's super easy to install, very user-friendly, and then it just tells you very directly all the things we're looking at, here's what you're not doing, here's how to fix it. And then from there, we'll monitor that for you, and we will reach out to you if something goes wrong. It's not another responsibility you need to do. It's not something else you have to add to your list of every week. Okay, go check this dashboard. It just sits in the background and watches everything, and if something goes wrong, we'll let you know, and we'll tell you what you need to fix.
Ben Lueders:
That's awesome. And it sounds like you guys are targeting smaller companies. Why smaller companies?
Dave Kerber:
Yeah, it's very underserved in the marketplace right now. So-
Ben Lueders:
A lot of big players have solutions for this, they're either staff or people they partner with. And so you're like, "Hey, who's looking out for the little guy."
Dave Kerber:
Yeah. So there are solutions in this space there. There's a lot of them. They generally fall in two big categories. There's big players. So there's many companies out there that are happy to charge you a hundred or hundreds of thousands of dollars a year to solve these kinds of problems for you. And that software is good. That software works great, but it is very expensive. It comes with steak dinners and other great things. So that's wonderful, but isn't necessarily accessible to the startups and the small businesses that are out there, the nonprofits, et cetera. The other major group of offerings are open-source offerings, which are also fantastic. There's a lot of great solutions out there for this problem. Similar situation though, you need someone with the expertise to understand which open-source thing am I going to use? How do I install this? What do I do with the output? So you either need to spend $100,000 a year on SaaS and hire $100,000 a year person, or have a six figure salaried person on staff who can help you save that money.
Ben Lueders:
Exactly. Exactly.
Dave Kerber:
So they're both very expensive alternatives that we're trying to address.
Ben Lueders:
It reminds me, we recently did an episode kind of comparing WordPress to Squarespace, and I know you're very familiar with WordPress, and WordPress is amazing because it's such a great IT open-source kind of software. You can do anything with it.
Dave Kerber:
Yes.
Ben Lueders:
It can do almost anything, but you kind of need to know what you're doing.
Dave Kerber:
Yes.
Ben Lueders:
And for a lot of people, they just need something that's simple, easy to use to get something up, and they don't need to do something super customer crazy. And that's why Squarespace is a great solution-
Dave Kerber:
Absolutely.
Ben Lueders:
... for a lot of those people. And there's other options out there as well. But it kind of reminds me of that where there's always options out there if you want to be Dave and figure all this stuff out, but not everyone is that person or should be that person.
Dave Kerber:
And to that point, I've been an engineer for almost 20 years now, and I won't mess with WordPress just like, "Oh man, I know. It starts off easy. It just gets harder and harder."
Ben Lueders:
You just do it right from scratch, right?
Dave Kerber:
Maybe. Yeah.
Ben Lueders:
Yeah, that's the nerd level we're talking about here.
Dave Kerber:
Yeah, exactly. Some like that.
Ben Lueders:
But we need people like you out there. One of the things that you sent me was talking about how ransomware is on the rise, and I feel like I hadn't heard the term ransomware in a while. I feel like it was something people talked about a while back. For those listening, what is ransomware and how prevalent is this?
Dave Kerber:
Yeah. Ransomware is when a bad actor, somebody not your friend, gets access to your data and one way or another takes control of that data. So what they used to do was they would encrypt it in place, and so then your data would be sitting there, but you couldn't access it.
Ben Lueders:
Wow.
Dave Kerber:
It's locked with an encryption key, similar to what you'd use for your Bitcoin wallet. And you'd have to send them some Bitcoins, and then they'd send you the key, and you-
Ben Lueders:
Literally get your data.
Dave Kerber:
Yeah, literally a ransom.
Ben Lueders:
It's holding it ransom. And once you pay, they actually would let go of it. Or you're just kind of hoping you're like...
Dave Kerber:
Yeah, in most cases they do, because criminals are economic actors like everyone else. And if they get a reputation for not returning the data, then people won't pay the ransoms.
Ben Lueders:
So we have a lot of criminals listening too. That's kind of our target market.
Dave Kerber:
I mean, everybody uses the cloud. That's true.
Ben Lueders:
That's true.
Dave Kerber:
We don't take Bitcoin as payment though. And it's evolved. It used to be a really on-prem hardware problem, so not a cloud problem, but it's evolved to where it is a cloud problem, and it's harder to encrypt the data in place on the cloud because there are controls for that, but it's still very easy to just steal data. So-
Ben Lueders:
Wow.
Dave Kerber:
... it's actually become a simpler operation of, "I'm going to steal all of your data. I'm going to send you a little bit of it, and if you don't pay me, I'm just going to sell it to the highest bidder."
Ben Lueders:
Geez.
Dave Kerber:
So it could be-
Ben Lueders:
How often is this happening mean? Is it something that people should be really concerned about?
Dave Kerber:
I would say, how would I describe this? When you park in Omaha, Omaha's a relatively safe city. When you park downtown, do you lock your car?
Ben Lueders:
Yeah.
Dave Kerber:
Yeah. That's about the level I'd be worried about it.
Ben Lueders:
Okay.
Dave Kerber:
So it's one of those long tail things. Probably the odds are low, but the consequences are so big that-
Ben Lueders:
Do you want to risk it?
Dave Kerber:
... a little bit of insurance is worth it. And a little bit of protection makes sense. So it's not something... And depending on what you're doing, so if you've got, let's say, a bunch of medical records, you would think about it differently then if I was summarizing your tweets. So there's a data classification risk aspect to it, but I think everybody should be mindful of it because no matter what you're doing, customer trust is important.
Ben Lueders:
Oh, yeah. Absolutely.
Dave Kerber:
And it's hard to get that trust back once you lose it. So you want to be mindful of those things. One thing I was surprised by though, in that article I sent you, 30% of attacks were companies, less than 100 people.
Ben Lueders:
I noticed that.
Dave Kerber:
I was blown away by that. I was like, "Oh, they're just going after the big guys and the big fish, and that's not true. They're Pretty opportunistic and they'll go after anybody." So it makes sense-
Ben Lueders:
Which is your target. That's your target audience.
Dave Kerber:
Yeah, absolutely.
Ben Lueders:
So I mean, it seems really relevant to you. And so when it comes to Cloud Copilot, I mean, you're not guaranteeing that people aren't going to fall prey to ransomware, but you are helping, going to help them to be positioned in a way that they're not as easily vulnerable.
Dave Kerber:
So yeah, no one will indemnify you against it. Nobody's going to offer that. So I was just recently at a conference with some AWS security folks, and I can't share exact numbers, but the majority of situations that cause this are extremely preventable. If you follow some basics, some software might be able to help with. But it's one of those things, again, it's just that little bit of insurance, that little ounce of prevention, right? Doing those basics, which again, if you move fast break things, we got to get to production, we got to get that series A, we got to land this client aren't always top of mind. So how can you have someone looking over your shoulder just helping you remember some of the basics and best practices?
Ben Lueders:
That peace of mind is great. I mean, what good insurance does is, "Okay, one less thing I need to worry about." If heaven forbid this happens, we're protected. And so yeah. That's super, super awesome. So Dave, another thing that you were sharing with me when we were going back and forth on email is some cybersecurity information, some stuff that's going on. I was really interested by this whole, the job vacancies in cybersecurity right now. Why is that relevant to this conversation?
Dave Kerber:
You've got a lot of statistics there. There's a huge growing need for cybersecurity specialists. I saw something this week that said like, there's 70 people for every 100 security jobs out there in the tech world. And so supply and demand is a real thing. And so those folks that have those skills, that salary's going to go up and up and up, and we're all very happy for them. We wish you well, but that makes it more of a challenge for everyone else who needs to hire those who needs that security assistance. And that's where good tools come into play to help fill those gaps and level up the team you have, right? With augmenting those skills, they don't have.
Ben Lueders:
That's awesome.
Dave Kerber:
Yeah.
Ben Lueders:
So Dave, how can people learn more about Cloud Copilot? If anyone listening is interested in the software in partnering with you, how would they go about doing that?
Dave Kerber:
We're in a closed beta right now.
Ben Lueders:
Oh, sorry. Never mind.
Dave Kerber:
No, that's okay. Please go to cloudcopilot.io and sign up and let us know you're interested, and we'd be happy to talk with everybody. Looking for some partners to start initially testing out the software.
Ben Lueders:
That's awesome. We like to end most of our episodes when we remember with a little bit of homework for our audience. If there's like something kind of based on this conversation that something that they could do. I'm just curious if there's anything that you would encourage our audience to do based on our conversation, other than go to your website.
Dave Kerber:
Yeah, go to my website. I'd say if you're using AWS, go delete all your access keys. Just get rid of those. And if you're not sure how to do that, just shoot me an email. I'll help you out.
Ben Lueders:
And why is that?
Dave Kerber:
Compromised access keys are a huge factor in AWS accounts getting compromised. So if you want to interact with your cloud programmatically, there's a few different ways to do that. And one of the most common is you create essentially a static username and password that your computer stores, and you can use that to write code to change your cloud. And if those get compromised, depending on how they're configured, it can be a very bad day for you. So if you have them, just delete them.
Ben Lueders:
Delete those access keys.
Dave Kerber:
Yes. And again, if you're not sure how to do that, shoot me an email. We'll see what we can do to help you out.
Ben Lueders:
That's awesome.
Dave Kerber:
Yeah.
Ben Lueders:
Is that something, when someone partners with Cloud Copilot, is that one of the first things you do? Is that go and delete-
Dave Kerber:
Yeah, there's a couple of things we do related to access keys, but yeah.
Ben Lueders:
That's awesome. Well, Dave, thanks so much for being on-
Dave Kerber:
Thank you.
Ben Lueders:
... Growing a Fruitful Brand.
Dave Kerber:
I appreciate it. Thanks for having me.
Ben Lueders:
Thanks for joining us today on Growing a Fruitful Brand. If you found today's show helpful, don't forget to subscribe and consider sharing it with someone who might also enjoy it. If you'd like to work with Fruitful on a branding website or messaging project of your own, you can always reach out on our website fruitful.design. So until next time, don't forget to grow something good.