Cloud computing tools: Improving security through visibility and automation

Current management tools ease (but certainly don't end) cloud security jitters

By Robert Scheier

May 14, 2012 | CSO

Many enterprises are reluctant to move critical cloud applications out of their own data centers and into the public cloud due to security concerns. Yet the same automated, consistent provisioning that is essential to managing either public or private clouds (as well as to the process of thinking through a cloud deployment) can also offer the fringe benefit of improving security.

Of course, not all cloud management tools work equally well with all cloud providers, nor do they all allow customers to manage their internal and external clouds as a single unit. Infrastructure-as-a-service (IaaS) providers such as Amazon, for example, typically don't allow customers to tweak the network and storage infrastructure beneath the operating system, forcing customers to trust that level of security to the vendor.

And while some customers will trust outside certifications, such as Amazon Web Services' Level 1 compliance with PCI DSS, others will choose to stick with a private cloud within their own firewalls, or create cloud environments at an external site using their own networks and keeping storage under their control.




Furthermore, compared to internal IT infrastructures, the public cloud requires more attention to components such as network firewalls, load balancers and network address translation to hide the public IP addresses most cloud providers assign to servers. But whatever the model, the automated, consistent processes required for large-scale cloud deployments not only increase the efficiency, reliability and performance of these environments, but also improve security.

Benefits of Thinking It Through

With physical servers, staging and setup is a manual, one-off job; however, with virtual machines (VMs), creating templates or policies for various types of servers forces organizations to "think about it more and plan for it," says Matt Conway, CTO of online backup vendor Backupify. "If you need to recreate [a type of server] quickly, you must script it and automate it."

And while conventional servers often run multiple types of software to provide different services, organizations often give VMs in cloud environments much more specialized personalities to perform specific tasks, says Patrick Kerpan, president and CTO of cloud management vendor CohesiveFT.
