PROTECTING YOUR CLOUDS | A ZDNet Multiplexer Blog What's this?

Automate & Accelerate Your Cloud, Safely

Cloud orchestration automates the creation and configuration of various IaaS elements and manages their entire lifecycle. With careful planning, you can use this automation to implement and strengthen security policies.

In the cloud, systems and the networks that connect them are virtual. They exist as software constructs, and so can be created, destroyed and modified purely through software control. Orchestration systems use definition files that describe the systems and networks being created, and their capabilities and behaviors under specified conditions. In this way, you can use orchestration to instruct the cloud to create a set of systems and networks of a particular configuration in an automated, repeatable and predictable way. The term used is "Infrastructure as Code."

Once your cloud components are orchestrated, you can automate deployments and retirements based on whatever conditions you set. Tedious, manual configurations - and the human error that goes with them - become a thing of the past. Best of all, automation enables you to apply security best practices across all of your cloud instances.

Where IT security is at issue, automation is your friend. Modern networks are complicated and getting more so. The only way to ensure that security best practices are followed rigidly is to automate them. Considering that cyber attacks are automated and launched every day at hundreds or thousands of systems simultaneously, automated security that works consistently across physical and virtual resources is the best, perhaps the only way to fight back and defend valuable resources.

The first step is to ensure that the right security products are available on the network and configured correctly every time. With the right automated security tools, you can specify what communication is allowed or forbidden between specified addresses and through specified ports for different categories of resources. These rules are not specific to particular instances; if you change the rules in one, they propagate automatically across any VM that's in the same category. This all means that you can configure secure rules for your networks and servers and know that they will be applied consistently.

These security tools, such as the Next-Generation Security Platform from Palo Alto Networks, are attuned to advanced attacks and enable you to automate security.

Orchestration takes automation to the next level, because you use it to define the architecture of your network and the complete lifecycle of the systems and networks on it. When your servers and networks reach threshold levels, orchestration can spin off new ones to absorb the load. If a server or cluster is no longer needed, orchestration can shut them down, saving you from unnecessary pay-as-you-go public cloud expenses.

This raises a final security benefit of orchestration with automated security: If a server doesn't exist, it can't be attacked. For tasks that are run intermittently, there's no reason to have those resources up and vulnerable when they're not needed. Orchestration makes this easy to do, so you can combine automated security with infrastructure management best practices.

This is the way things are done now. You don't set up servers in racks anymore; you run programs that make virtual servers. Set the programs up right and incorporate the right third-party security tools, and the servers can run at optimum efficiency and confidence.

Learn more about Palo Alto Networks' Next-Generation Security Platform for cloud at