Tuesday, August 21, 2012

Security in the Cloud


Conventional infrastructure security controls designed for dedicated hardware do not always map well to the cloud environment.


Public Cloud architectures must have well-defined security policies and procedures in place.


1. Integrated Cloud Security - VLAN approach

Cloud environments should take the same approach as physical networks and segment virtual machines by VLANs through Port Group configurations.

The concern in cloud environments is that IPS systems provide limited visibility into inter-virtual machine traffic flows, that is, the flows between virtual machines on the same VLAN.

By default, those traffic flows are not visible to traditional network-based security protection devices located in the datacenter network.

Administrators must make specific architecture and configuration decisions either to make the virtualization solution work with current security tools or to integrate security appliances into the virtualization architecture.
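As an added example (not part of the original post) of the visibility gap described above, this Python model classifies sample VM-to-VM flows by whether they ever cross the physical datacenter network where a traditional IPS sits; all VM, host, port group and VLAN names are constructed.

```python
"""Classify VM-to-VM flows by whether a datacenter network IPS can see them.

Added example, not from the original post; all names and flows are constructed.
Model: a flow between two VMs on the same hypervisor and the same VLAN never
leaves the virtual switch, so an IPS on the physical network does not see it;
flows crossing a physical uplink (different hosts) or routed between VLANs do.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    host: str        # hypervisor the VM currently runs on
    port_group: str  # vSwitch port group the vNIC is attached to
    vlan: int        # VLAN tag configured on that port group


# Constructed inventory: two hosts, two port groups (VLAN 10 and VLAN 20).
INVENTORY = {
    "web-01": VM("web-01", "esx-a", "PG-Web", 10),
    "web-02": VM("web-02", "esx-a", "PG-Web", 10),
    "db-01":  VM("db-01",  "esx-a", "PG-DB",  20),
    "web-03": VM("web-03", "esx-b", "PG-Web", 10),
}
# Constructed flow records: (source VM, destination VM, destination port).
FLOWS = [
    ("web-01", "web-02", 22),    # same host, same VLAN: stays in the vSwitch
    ("web-01", "db-01", 3306),   # same host, different VLAN: routed
    ("web-02", "web-03", 8080),  # same VLAN, different host: crosses uplink
]


def ips_visible(src: VM, dst: VM) -> bool:
    """True if the flow traverses the physical network the IPS monitors."""
    if src.vlan != dst.vlan:
        return True              # inter-VLAN traffic is routed off the host
    return src.host != dst.host  # same VLAN: visible only if it leaves host


def visibility_report(inventory, flows):
    """Map each (src, dst, port) flow to 'visible' or 'blind-spot'."""
    report = {}
    for src_name, dst_name, port in flows:
        seen = ips_visible(inventory[src_name], inventory[dst_name])
        report[(src_name, dst_name, port)] = "visible" if seen else "blind-spot"
    return report


def blind_spots(inventory, flows):
    """Flows that need a host-level or virtual-appliance control instead."""
    report = visibility_report(inventory, flows)
    return sorted(k for k, v in report.items() if v == "blind-spot")
```

Flows reported as blind spots are the ones the text says must be covered by integrating a security appliance into the virtualization layer rather than relying on the datacenter IPS.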


2. Cloud Burst Security

One of the primary advantages of cloud computing is that enterprises can move applications that consist of several virtual machines to the cloud provider when the physical environment requires additional processor or compute resources.

These bursting virtual machines need their security policies and baseline histories to move with them. When a virtual machine moves without its security policy, that virtual machine becomes vulnerable. In addition, when virtual machines move they lose their performance histories, and administrators must re-evaluate the virtual machine performance baselines.


3. Compliance Concerns – system, VM and all cloud logs must be kept in a safe location

The auditing community is aware that current practices for auditing cloud environments are inadequate. As compliance grows in importance, enterprises implementing clouds need to satisfy their auditors' concerns, especially since creating an identity for an individual virtual machine and tracking that virtual machine from creation to deletion creates challenges for even the most mature virtualized environments. Virtual machine sprawl (when the number of virtual machines being created grows more quickly than an enterprise's ability to manage them) adds complexity.


4. Defense in Depth

By providing security services from within the cloud provider infrastructure, enterprises are able to deploy security policies and rules between each virtual machine (or between virtual machine centers) as they would in the physical world. A feature of the cloud provider infrastructure is that enterprises can keep corporate security policies, and the data collected about them, together with the virtual machines. This allows them to enforce security services consistently in the enterprise and at the cloud provider.
