It’s been a while since the last article, so it’s time to write another one. This is a standalone piece, separate from our original series.
This article covers what cloud computing actually is, how it works, and what makes it different, written for people with no technical background.
The article also includes some personal opinions and a principle you can apply to your cloud setup to improve performance and tighten your bill.
Cloud
A cloud is basically a massive collection of computers and virtualized infrastructure housed in data centers. Large companies rent out these computers, along with other services like storage, databases, and networking, on monthly, yearly, or pay-as-you-go models.
Virtualization is technology that lets one physical computer act like multiple separate computers. It uses software (called a hypervisor) to divide the machine’s resources.
So in simple terms, you’re using someone else’s computer, from anywhere, at any time. But these aren’t just raw machines sitting in a rack, they run powerful virtualization technology, meaning you choose exactly how much compute, memory, and storage you need, and scale it up or down as your needs change.
Compute refers to the processing power of a system, mainly provided by the CPU and GPU, used to perform calculations and run applications.
On paper, cloud is sold as dynamic, flexible, and cost-efficient. And it can be, but only if you manage it well.
The pay-as-you-go model is a double-edged sword. Leave a service running that you forgot about, misconfigure your storage, or underestimate your traffic, and that “cheap” cloud bill can easily hit four figures a month.
So yeah, that’s cloud, no need to hype it that much. It’s just a bigger, more powerful computer than yours, with virtualization software partitioning it so many people can use it at the same time instead of just one person.
Does a VPS Make Any Difference?
A VPS, or Virtual Private Server, is actually a cloud product. It’s one of the oldest and most straightforward forms of cloud computing, you rent a virtualized slice of a physical server, get root access, and do whatever you want with it.
Root access means a user can access everything and has the right to do whatever they want on the server.
The difference comes down to scale and flexibility. A VPS is fixed, you pick a plan, you get a set amount of CPU, RAM, and storage, and that’s it until you manually upgrade.
Traditional cloud platforms like AWS or Azure go further with dynamic scaling (automatically adding or removing resources based on demand), managed services, load balancers, serverless functions, and hundreds of other tools built on top of raw compute.
Load balancers help distribute traffic across multiple servers so that none of them get overloaded. Serverless means you run code without managing servers; the provider handles the infrastructure.
So if cloud is a full toolbox, a VPS is just one tool from it; a reliable, simple, cheap tool, but still just one.
But honestly, a VPS is probably all you need. Most of the tools, services, and flexibility that big cloud platforms offer are just overkill for the average use case. You don’t need dynamic pricing or hundreds of managed services for a simple blog or personal project.
But once you need your infrastructure to grow automatically, handle global traffic, or plug into managed databases and AI services, that’s when the broader cloud ecosystem starts making sense.
Short answer: a VPS is cloud, just without the fancy tools and dynamic features.
If Cloud Is Just a Bunch of Servers, Why Is It So Popular Now?
The answer is convenience and timing.
Before cloud, if you wanted to run a service, you bought physical servers, rented rack space in a data center, hired people to maintain them, and prayed nothing broke at 2am. That’s expensive, slow, and painful. Cloud removed all of that, spin up a server in two minutes, pay for what you use, and someone else handles the hardware.
To be fair, dedicated servers and VPS still have solid support in 2026. When you buy a server from a company, it comes with their support, maintenance, and responsibility. The difference kicks in only if you go full self-hosted, build your own hardware from scratch, and everything is on you.
The timing part matters too. Cloud blew up alongside smartphones, streaming, and the explosion of web services. Suddenly everyone needed infrastructure that could handle millions of users overnight, and nobody wanted to buy physical servers for traffic spikes that might last a weekend. Cloud was the obvious answer.
Then the big corpos started moving everything there, which pulled the tooling, the talent, and the job market with it. Now if you’re not on cloud, you’re the odd one out.
So it’s not that cloud is some revolutionary technology. It’s just the right solution that showed up at the right time, got adopted by the right companies, and now it’s everywhere.
Why AI and Cloud Are a Perfect Match
AI needs compute. A lot of it. Training a model, running inference at scale, processing massive datasets, none of that happens on your laptop. You need hundreds, sometimes thousands of GPUs running in parallel, and you need them fast.
Inference means running a trained model to generate results.
That’s exactly what cloud is built for. Instead of buying a $50,000 GPU cluster that sits idle 80% of the time, you rent it for the hours you actually need it. Run your training job, pay the bill, shut it down. Cloud makes AI accessible to companies that couldn’t afford dedicated hardware.
It goes the other way too. AI is making cloud smarter; automated scaling, anomaly detection, cost optimization, security monitoring. The cloud platforms themselves are getting AI baked in at every layer.
So the relationship is pretty straightforward. AI needs what cloud offers, and cloud uses AI to sell more of itself. Both industries grow together. That’s why every major cloud provider, AWS, Azure, GCP, is racing to slap AI onto every product they have right now.
But it raises a question, is it really necessary to add AI to every service? The answer is simple: NO.
Your product doesn’t need AI if it already does the job without it. And honestly, around 80% of products don’t need it at all. AI is expensive, and in most cases it can be replaced by simpler, cheaper technologies.
Marketing is killing the efficiency AI actually has. It has legitimate uses but we keep inflating it into a bubble instead of keeping it where it belongs. We’ve done this before with other technologies and it didn’t end well.
Is Centralizing Everything in One Place a Good Idea?
Short answer: not really.
Cloud is convenient precisely because everything is in one place; your compute, storage, networking, databases, all managed under one roof. But that’s also the risk. When that one place goes down, everything goes down with it.
The easiest example of this is Cloudflare. It powers a massive portion of the web, and when it goes down, roughly 40% of the web goes down with it.
AWS also had outages that took down half the internet. Not because the technology is bad, but because so much of the world’s infrastructure became dependent on a single provider.
There’s also the vendor lock-in problem. Once you build deep into AWS or Azure’s ecosystem, their databases, their serverless functions, their proprietary tooling, migrating away becomes a massive, expensive project.
And then there’s cost. Centralization under a cloud provider means they set the prices. And they do raise them.
So yeah, it has advantages and disadvantages. If cloud keeps developing at this speed, it might just cause big corporations to become monopolies in the market, and honestly, it’s already started.
AWS, Azure, and Google Cloud already own a massive proportion of the internet’s infrastructure, and many smaller companies are now fully dependent on their services.
Securing Cloud
Anyway, let’s get back to the main topic of this blog: security.
The provider secures the infrastructure, so if you’re just a customer you don’t need to do anything to secure the hardware, their engineers handle that. The physical machines, the network, the hypervisor, that’s their responsibility.
Everything on top of it is yours: your data, your configurations, your access controls.
Most breaches happen at the higher levels, not the hardware. There are a few things worth keeping in mind when using cloud services.
Data security is the first thing to take seriously. If possible, encrypt your data before it even reaches AWS servers. Client-side encryption means even if Amazon or any other provider wanted to look at your data, all they’d see is unreadable ciphertext. Most people don’t realize that technically, cloud providers have the right to access your data, it’s buried in the terms of service nobody reads, but it’s there. Encrypt it at rest too.
Client-side encryption locks your data on your device before sending it, so the cloud only sees unreadable ciphertext (encrypted data). Encryption at rest keeps data encrypted while stored on servers. It’s also good to use encryption in transit, which secures your data while it is being transferred.
Misconfigurations are a constant threat and probably the most underestimated one. A single wrong setting on a storage bucket, a database left publicly accessible, a firewall rule that’s too broad; these are real incidents that happen every day, and they cost a lot more than they look.
A firewall controls which devices or systems can send or receive data (packets) over a network. It filters traffic at the network layer based on security rules, allowing or blocking connections to protect the system.
Access control is not optional. You need to know exactly who has the right to view, modify, and delete your data, and that list should be as short as possible.
The most common cloud security mistakes are boring and ordinary. Weak or reused credentials. No multi-factor authentication. Over-permissioned accounts that follow the “just give it admin access” logic. Unencrypted data at rest. No logging.
MFA (multi-factor authentication) is a second verification step (e.g., a code sent to your phone).
So on paper, the customer doesn’t have much responsibility, but those annoying, mundane tasks are exactly what gets overlooked, and overlooking them is what causes data breaches.
To be fair, Amazon and Microsoft servers are not fully secure either. Even if you do everything right on your end, they have been hacked before. They are not black boxes.
Securing cloud from the customer side is not hard, but a single small mistake can cause more damage than a traditional server breach. Everything being connected is an advantage, but it also means breaches spread further and faster.
Minimalism on Cloud
Not the aesthetic, the philosophy. And it actually works really well in cloud environments.
We’re borrowing just one core idea from minimalism: own less, control more. That’s it. No lifestyle changes, no decluttering your tools.
Cloud is a bloated ship by default. Providers want you to use more services because more services mean bigger bills. But using less actually improves both usability and security, fewer services means a smaller attack surface, less to maintain, and less to pay for.
I know some people are allergic to hearing the word minimalism, so let me be specific about what I mean here.
IAM is essentially a permission system, who gets access to what. The minimalist principle applies directly: give people the least privilege possible. Only what they need, nothing more. Every extra permission is a potential entry point you don’t need to have open.
IAM (Identity and Access Management) is a system that controls who can access what in a service. It lets you create users, assign roles, and set permissions so people or apps only have access to the resources they actually need.
Services are great tools when you actually need them, but every new service comes with a cost. A new service to secure, a new thing to configure, a new line on your bill. Too many services means harder maintenance, more people needed to manage them, and exponentially bigger bills. Misconfigure one and it can take down parts of your project.
The move is simple. Don’t start a service until you’re sure you need it. Shut down services you’re not using. Don’t let the cloud own you, you own it.
Conclusion
This is a standalone article written for customers; not engineers, not people working at AWS or Microsoft or anywhere else in the industry.
The goal of this article was simple: give a general overview of what cloud actually is, share some personal opinions, and cover what I do to keep bills manageable and attack surface small.
It’s not a technical deep dive, and intentionally so. This blog usually goes pretty low level, but think of this one as a quick introduction for everyone.
I plan to prepare more cloud articles before starting the reverse engineering category. Each one will get more technical and detailed as we go.