Gartner has recenty predicted that by 2020, a corporate “no-cloud” policy will be as rare as a “no-internet” policy is today. CIOs will increasingly leverage a multitude of cloud computing providers across the entire IT stack to enable a huge variety of use cases and meet the requirements of their business unit peers. Indeed, the tides are shifting toward a “cloud-first” or even “cloud-only” policy... 

Marc Wilczek

Security And Management In The Cloud

Security And Management In The Cloud

Though there are various challenges involved in maintaining a cloud service, one of the major challenges that organizations face is security management. The advent of global computing represents cloud computing in totality. This has transcended boundaries, not just nationally, but also internationally.

This same globalization is another challenge that has emerged for cloud technology, because traditional security models do not apply in the cloud infrastructure. Let us take, for example, firewall infrastructure. The very invention of firewalls in traditional systems was meant to provide “blocking-security” for single hardware devices. However, with cloud computing models, the very definition of this is thrown out of the window. The cloud itself is outside these defined perimeters, and there need to be device-separated regimes for cloud security management. Traditional IT regimes work less on this kind of infrastructure and are not quite practical. Since we are making massive changes in the infrastructure, changes are also needed in security management.

Why is it difficult to maintain security on the cloud?

Security is made difficult by the fact that the infrastructure is not owned by the party itself – it is somebody else who owns the entire infrastructure. Hence, it is difficult to get changes in security implemented as you try to scale the rest of your IT infrastructure. If these two growths are not in complete synchronization with each other, there are bound to be holes in the coverage and gaps that are difficult to seal down.

Automating firewall management clouds

This is not just a possibility; it is essential. There is a high degree of elasticity associated with cloud infrastructure – be it public, private or hybrid. As a result, security is essential and must be deployed on the basic cloud server. If you are taking a third-party cloud, you must insist on a security check at the cloud server level. Time-based controls, which close ports such as RDP, etc. and open only when there is a demand, are a good option. This ensures that your servers are always secured, and since you have the security server on your own side, the policies can be easily coupled with your infrastructure.

Should one take a hybrid approach to security solutions?

There are various reasons why the hybrid approach is perhaps not a good one. Most traditional security methods do not exist for the cloud. Also, the entire process of securing your cloud infrastructure is quite different from securing traditional IT infrastructure. Many server admin ports such as SSH, etc., are left open in traditional infrastructure. This is because the server sits behind the corporate infrastructure, and there is abundant security and less risk.

However, this is not possible with the cloud, as everything is so elastic that there are no fixed perimeters. In this case, therefore, admin ports cannot be left open as they were in the traditional case. There needs to be a custom solution for this which is different for every different cloud. The need of the hour, however, is to realize the importance of these custom security management systems to the cloud.

By Kaamil Nakhasi