Cloud security: How to make the switch

Cloud security: How to make the switch

Summary: When you move to the cloud, take your security with you rather than accept the lowest-common-denominator measures on offer, says Rik Ferguson

SHARE:
TOPICS: Security, Cloud
1

Traditional security measures are inadequate in virtualised environments. So you just have to do things differently when moving to the cloud, says Rik Ferguson.

Despite the obvious commercial and technological benefits of the cloud, enterprise adoption is still in its infancy.

In survey after survey, the primary barrier at an executive level to the adoption of cloud services is security. Executives are concerned that provisioning data and servers from a third-party datacentre will mean compromising their present level of security, their control and their access to logging and audit information.

So what is really powering the cloud? Datacentre virtualisation, virtual desktop infrastructure, shared storage, and IaaS, PaaS and SaaS have changed the architectural game, possibly more than any other innovation in the past 15 years.

Architectural-level security challenges

None of the traditional security concerns disappears — although they often have to be addressed in new ways — but new security challenges arise, many of them at an architectural level, which do not have a counterpart in their physical forerunner.

Firewalls at cloud providers must operate as lowest-common-denominator security devices, configured for the least secure customer, but perhaps not for you. Cables, switches, bandwidth, virtualisation platforms and SANs must all be considered a shared resource and as such, untrusted.

Many aspects of traditional infrastructure are collapsed into the hypervisor or the abstraction layer of the virtualised SAN and much security technology and security provisioning becomes an unacceptable bottleneck and business disabler, crowbarred into an unforgiving infrastructure. This situation inevitably undermines both confidence and compliance of potential customers.

Colocation of virtual instances and data with that of strangers, competitors and possibly even malicious actors — we have already seen criminal activity being hosted in Amazon's EC2 cloud, for example — brings a host of new challenges.

How do you maintain confidence that a dormant virtual machine is free of infection or that it will not be grossly out of date and at risk when you bring it online? How do you manage traffic between virtual machines from a security standpoint?

Traffic that travels from machine to machine on the same hypervisor does not touch your physical network and as such, traditional security techniques and technologies will be blind to any risk.

How can you deal with emerging threats such as malware capable of breaking out of a virtual machine to infect the host operating system? What mitigation exists against insider attacks, and how can you ensure that...

Topics: Security, Cloud

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • One of the oft overlooked aspects is where the cloud is located ; and whether that location is trust worthy and not subject to policial influence . Take for example the pressure applied to amazon .paypal etc over wikileaks -
    peter@...