While cloud has been clearly identified as the next step to IT optimization, essential for increased performance and cost reduction, many of us are in a haze when it comes to the fundamental security measures required.
Our fears related to cloud security, for instance, the fear of the unknown ( where is my data stored?) and the fear of the unseen (how does my data flow from one Virtual Machine to another) and the fear of how ‘secure’ the cloud really is lead us to be wary of cloud adoption. Also the new layers of infrastructure create new grey areas, requiring new security solutions that could provide virtual layer specific protection. However this blog post will focus at the fundamental hardware security.
Let’s take a look at the basic components of cloud and ways to optimize their security
Even though the cloud uses a different mechanism to serve IT infrastructure, be it computing power, memory or storage, the elements that create a cloud still include traditional datacenter components – servers, network, nodes and endpoints. The risks that exist in traditional data centers are also relevant in a cloud environment. Hence, traditional protection solutions such as Firewalls, Network Protection, Host security, etc. are essential to secure the cloud too. But how do we get smart in customizing traditional solutions to adapt to the requirements of the cloud?
Three cloud scenarios and the relevant host security features:
The Cloud is about heterogeneous components coming together to serve as a single standard entity: this would mean that the host environment in a typical cloud would include different types of endpoints running different OS platforms. If separate security products are needed for different OS systems, it would become an administration and configuration nightmare. Hence, a single host protection solution that can support many platforms could reduce considerable effort and cost.
The Cloud is about a large number of distributed resources working together: this would mean a large number of endpoints at different locations that need to be managed, configured and secured. Again, an administrative nightmare to track and maintain security policies across these endpoints. Here, centralized security management of endpoints needs to be a part of the security solution.
Multiple technology layers:
The Cloud is also about multiple technology layers that work seamlessly: the higher the number of layers, the more the chances of gaps and vulnerability. Hackers identify easy entry points and don’t limit themselves to one point of entry. Using techniques such as ‘Advanced Persistent Threats’, they attack through multiple vectors. Security administrators need to ensure that they stay ahead of the hacker and secure the infrastructure from organized attacks. It is essential to implement a security product that can not only do its specified point job, but can communicate with other security components. This integrated approach will enable identification and blocking of advanced threats to the cloud.
Join us at Edge2014 where IBM will showcase relevant IBM Security solutions to help you resolve these issues and identify new opportunities. Till then, do not forget to share your thoughts, queries and comments at firstname.lastname@example.org or @VikashAbraham on Twitter.
Product Marketing Manager
IBM Security Solutions - Infrastructure Security