Are You Sure You Are Ready For The Cloud: Security


Cloud Security

For the last several months, we have been discussing ways to make sure you are ready for the next step in your IT evolution: Cloud.

When reviewing the different steps of making sure you are ready, one that I have intentionally avoided was Security. I spoke to you about “Security of Business”, but not the actual securing of your cloud. There was a very simple reason why I did this: “No matter the IT environment, you must take precautions.”

So, having made sure we covered several of the other topics first (e.g. Design, Finance, Connectivity…), we move on to straight security. Although, isn’t that kind of an oxymoron? Why? Well, because security within an IT environment is multifaceted. It has more sides and needs than just simple authentication and authorization. And within and around a cloud, it is even more so. In the following example, I am going to use an onsite deployment scenario, and we can wade through the levels one by one.

Perimeter Security

Let’s start with our perimeter security. You have several layers, depending on your cloud management software. So, starting furthest from the center of your cloud, which in this case we will call a server instance OS, we have the perimeter. This is normally a pair of firewalls set up in a fault-tolerant or high-availability (FT/HA) configuration. It isn’t necessarily at the edge of your onsite cloud; in fact, most of the time it isn’t. It is at the edge of the datacenter, protecting all of it.

You have your firewalls at the perimeter; the next step down is probably another set of firewalls at the edge of the cloud. These firewalls should also be set up as FT/HA and restrict specific TCP/UDP ports traveling into and out of the cloud environment. But here, they may also divide up their responsibilities. They may provide protection for just the physical aspects of the cloud, which would be the Compute and Infrastructure nodes, or, exposing an API interface from an internal port, they may provide protection for the virtual machines (VMs) communicating to/from within or outside the cloud.

Security Tools

Now, continuing on inside the cloud, and moving away from the physical infrastructure, your security becomes far more robust. Here you will take advantage of things like LDAP or Microsoft AD for your user authentication and authorization at the VM level. Most cloud management tools also allow you to take advantage of other security tools, such as virtual firewalls, virtual edge routers and access to storage areas.

Now, let’s spin it around and go back out away from your VMs. You have security in your OS. You then have it on each user, based on either internal or external authentication and authorization. Then you go back through a possible virtual firewall and/or an edge router. Then back through your physical kit. But remember, based on your cloud management software, you may have far more levels of security that are not based on the VMs or the physical routers and firewalls. Next month, we will dig into the SDN or Software Defined Network world of cloud.
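The layered path walked through above can be checked mechanically. The following is an added example, not part of the original article: a Python sketch that models each layer as an inbound allow-list and reports which flows pass every layer and which are stopped by only one. The layer names follow the article; every port rule is constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Layer:
    name: str
    allowed: frozenset  # (protocol, port) pairs this layer lets through inbound

# Outermost first, matching the walk from the datacenter edge toward the VM.
# All rule sets are constructed for illustration.
LAYERS = [
    Layer("datacenter perimeter firewall (FT/HA pair)",
          frozenset({("tcp", 22), ("tcp", 443), ("tcp", 3389), ("udp", 53)})),
    Layer("cloud edge firewall (FT/HA pair)",
          frozenset({("tcp", 22), ("tcp", 443), ("tcp", 8443)})),
    Layer("virtual firewall / edge router",
          frozenset({("tcp", 22), ("tcp", 443), ("tcp", 3389)})),
    Layer("instance OS firewall",
          frozenset({("tcp", 22), ("tcp", 443), ("tcp", 3389)})),
]

def first_block(flow, layers=LAYERS):
    """Name of the first layer that drops the flow, or None if it reaches the OS."""
    for layer in layers:
        if flow not in layer.allowed:
            return layer.name
    return None

def exposed(layers=LAYERS):
    """Flows every layer permits: only authentication/authorization guards these."""
    return frozenset.intersection(*(l.allowed for l in layers))

def single_layer_blocks(layers=LAYERS):
    """Flows that exactly one layer stops; one rule change there exposes them."""
    findings = {}
    for flow in frozenset.union(*(l.allowed for l in layers)):
        blockers = [l.name for l in layers if flow not in l.allowed]
        if len(blockers) == 1:
            findings[flow] = blockers[0]
    return findings

if __name__ == "__main__":
    print("Reachable through every layer:", sorted(exposed()))
    for flow, layer in sorted(single_layer_blocks().items()):
        print(f"{flow} is blocked only by: {layer}")
```

With this sample data, TCP 3389 is held back by the cloud edge firewall alone, which is the kind of finding that shows where the layers are not actually overlapping.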

By Richard Thayer
