October 19, 2015

Are You Sure You Are Ready For The Cloud: Security

By Richard Thayer

Cloud Security

For the last several months, we have been discussing ways to make sure you are ready for the next step in your IT evolution: Cloud.

When review the different steps of making sure you are ready, one that I have intentionally avoided was Security. I spoke to you about “Security of Business”, but not the actual securing of your cloud. It was a very simple reason why I did this: “No matter the IT environment, you must take precautions.

So, wanting to make sure we covered several of the other topics first (e.g. Design, Finance, Connectivity…), we move on to straight security. Although, isn’t that kind of an oxymoron statement? Why? Well, because security within an IT environment is multifaceted. It has move sides and needs than just simple authentication and authorization. And within and around a cloud, it is even more so. In the following example, I am going to use an onsite deployment scenario, and we can wade thru the levels one by one.

Perimeter Security

security

Lets start with our perimeter security. You have several layers, depending on your cloud management software. So, starting furthest from the center of your cloud, or in this case, we will call it a server Instance OS, we have the perimeter. This is normally a pair of firewalls setup in a fault tolerant or high availability (FT/HA) setup. It isn’t necessarily at the edge of your onsite cloud, in fact, most of the time it isn’t. It is at the edge of the datacenter, protecting all of it.

You have your firewalls at the perimeter, then, the next step down is probably another set of firewalls at the edge of the cloud. These firewalls should also be setup as FT/HA and restrict specific TCP/UDP ports traveling into and out of the cloud environment. But here, they may also divide up their responsibilities. They may provide protection for just the physical aspects of the cloud, which would be the Compute and Infrastructure nodes, or exposing an API interface from an internal port, they may provide protection for the virtual machines (VM) communicating to/from within or outside the cloud.

Security Tools

security-mail

Now, continuing on inside the cloud, and moving away from the physical infrastructure, your security becomes far more robust. Now, you will take advantage as things like LDAP or Microsoft AD for your user authentication and authorization at the VM level. Most cloud management tools also allow you to take advantage of other security tools, such as virtual firewalls, virtual edge routers and access to storage areas.

Now, lets spin it around and go back out away from your VMs. You have security in your OS. You then have it on each user based on either internal or external authentication and authorization. Then you go back through a possible virtual firewall and or an edge router. Then back through your physical kit. But remember, based on your cloud management software, you may have far more levels of security that is not based on the VMs or the physical routers and firewalls. Next month, we will dig into the SDN or Software Defined Network world of cloud.

By Richard Thayer

Richard Thayer

Richard currently is the Director of IT for OSG, an International IS/IT Company based out of Irving, Texas USA. With over thirty years of hands on experience, and 16 vendor certifications, he directs and/or assists many Fortune 500 companies in the direction of Cloud, Infrastructure and Migrations. He is a professional speaker and author of both Science and Non Fiction.
Jennifer Nwokolo

8 Useful Tools For Risk Assessment and Management

Risk Assessment and Management Risks are inevitable in every business venture. Generally, most organizations aim [...]
Read more
Katrina Thompson

Why Zombie APIs are Such an Important Vulnerability

Zombie APIs APIs have a lifecycle, the same as anything else. They are born, they [...]
Read more
Sushil Kumar

Generative AI and Cloud Computing: The Greatest Infusion

Generative AI The fusion of cloud computing, app modernization, and artificial intelligence (AI) drives digital [...]
Read more
Wealth Management Software Solutions - ServiceNow

Leading Online Savings and Wealth Management Services

Financial wealth management services (Updated: 06/29/2022) Many want to live in abundance, but very few [...]
Read more
Michael Kleef

Akamai’s Michael Kleef Reveals Key Shifts in Cloud Computing Landscape

Welcome to a conversation with Michael Kleef, Vice President of Product Marketing, Developer Advocacy, and [...]
Read more
Oxylabs

Episode 15: The Power of Data Scraping

A conversation with Aleksandras Šulženko – Product owner at Oxylabs.io In a global economy where [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.