Infrastructure Security Design (Public Clouds)
SreekIyer 2000001K7N Visits (223)
As we discussed in my previous post, transparency or more control is need of the hour with regards to security on the cloud. Let examine how this is done by the popular cloud providers and understand the method and the technologies. We need to secure the infrastructure, network, endpoints, applications, processes, data, and information and overall have a governance to mitigate the risk and meet the compliance. Let us take the infrastructure to begin with.
The key areas for a security team to design for with regards to infrastructure security are
Let us start looking at the public cloud implementations to understand how they are managing these aspects.
Almost all the vendors – IBM, Amazon, Microsoft, Salesforce provide a means to do SSH with keys to the Guest OS. The protocol runs over SSL and is authenticated with a certificate and private key which could be generated by the customer.
IBM LotusLive employs a security approach based on three three-pillars that includes ensuring security rich infrastructure.
We will see how the infrastructure security aspects are dealt with for private clouds in my next post. Stay tuned and keep those comments coming. I’d some of my readers tell me that the blog entries are not showing up fine on Internet explorer. While I will make the effort to fix the issue, please use Firefox or any other browser in the meantime.
And if you these posts interesting dont forget to rate the post (click on the stars) and if you got an extra minute do put in a comment on what apsects you find interesting or need discussion.