While Cloud has been clearly identified as the next step to IT optimization, essential for increased performance and cost reduction, many of us are in a haze when it comes to the fundamental security measures required.
Our fears related to cloud security, for e.g the fear of the unknown ( where is my data stored?) and the fear of the unseen (how does my data flow from one Virtual Machine to another) and the fear of how ‘secure’ the cloud really is lead us to be wary of cloud adoption. Also the new layers of infrastructure create new grey areas, requiring new security solutions such as Virtual Server Protection for specific protection.
Basic components of Cloud and ways to optimize their security
Even though the cloud uses a different mechanism to serve IT infrastructure, be it computing power, memory or storage, the elements that create a cloud still include traditional datacenter components – servers, network, nodes and endpoints. The risks that exist in traditional data centers are also relevant in a cloud environment. Hence, traditional protection solutions such as Firewalls, IPS and Anti-viruses for physical hosts are essential to secure the cloud too. But how do we get smart in customizing traditional solutions to adapt to the requirements of the cloud?
Three cloud scenarios and the relevant host security features
1) Heterogeneous components:
The Cloud is about heterogeneous components coming together to serve as a single standard entity: this would mean that the host environment in a typical cloud would include different types of endpoints running different OS platforms. If separate security products are needed for different OS systems, it would become an administration and configuration nightmare. Hence, a single host protection solution that can support many platforms could reduce considerable effort and cost.
2) Distributed resources:
The Cloud is about a large number of distributed resources working together: this would mean a large number of endpoints at different locations that need to be managed, configured and secured. Again, an administrative nightmare to track and maintain security policies across these endpoints. Here, centralized security management of endpoints needs to be a part of the security solution.
3) Multiple technology layers:
The Cloud is also about multiple technology layers that work seamlessly: the higher the number of layers, the more the chances of gaps and vulnerability. Hackers identify easy entry points and don’t limit themselves to one point of entry. Using techniques such as ‘Advanced Persistent Threats’, they attack through multiple vectors. Security administrators need to ensure that they stay ahead of the hacker and secure the infrastructure from organized attacks. It is essential to implement a security product that can not only do its specified point job, but can communicate with other security components. This integrated approach will enable identification and blocking of advanced threats to the cloud.
I look forward to your thoughts, queries and comments. Watch out for upcoming blogs that will feature relevant IBM Security solutions to help you resolve these issues.
Learn more about how IBM Security’s Host Protection solutions address cloud security.
Product Marketing Manager, IBM Security