There is a definite change in the cloud security world. Organizations are deploying more cloud platforms to support an ever-growing user base. Still, the big question revolves around security – and how to protect critical data points.
Let’s start here – over the past few months, there have been more DDoS attacks against more IT infrastructures all over the world. These attacks have evolved from simple, volumetric attacks to something much more sophisticated. Now, attackers are using application-layer and HTTP attacks against certain targets within an organization. Consider this – DDoS attacks are larger than ever. Arbor Networks 10th annual Worldwide Infrastructure Security Report illustrates this point very clearly.
- The largest reported attack in 2014 was 400Gbps, with other large reported events at 300, 200 and 170Gbps with a further six respondents reporting events over the 100Gbps threshold. Ten years ago, the largest attack was 8 Gbps.
- Firewalls and IPS devices continue to be targets for attackers. According to the report, over one third of organizations had firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack.
- Security incidents are up but enterprises are not fully prepared to respond. The report points out that just over one third of respondents indicated an increase in security incidents this year, with about half indicating similar levels to last year. 40 percent of respondents felt reasonably or well prepared for a security incident, with 10 percent feeling completely unprepared to respond to an incident.
So how can you secure your critical virtual machines? What can you do to create a multi-layered security approach from your private cloud platform? The secret to security could revolve around your hypervisor – the gateway to a private cloud.
- Cloud and VM-level security. Imagine scanning a VM siting on your hypervisor for malicious code, malware, viruses, and other security holes. Now, imagine doing so without actually deploying any client. VM-level security means direct integration into the hypervisor layer. Furthermore, you increase the performance of your virtual machines without having to sacrifice levels of security. At the very basic level – you are now creating a very powerful cloud security methodology by allowing your VMs to directly integrate with your security solution. When working with cloud – always ensure that your network and data points are all secure. At the VM level, you can create access control policies which scale between on premise and cloud systems.
- Cloud means multi-tenancy, services, user experiences and management. Remember, cloud also means being ready for some high levels of multi-tenancy. Your virtual infrastructure must support a large number of users all sharing resources. This is why when it comes to cloud security, virtual machine and resource isolation and control is critical. Based on policies and configuration templates – you’re able to segment your hypervisor as well as you VMs to better control the flow of data throughout your cloud. Furthermore, you can control data delivery as well as QoS based on the classification of the workload. This level of flexibility also creates integrated security which allows you to better control a variety of data sets and applications. The most critical point to remember here is that security within cloud is not a unilateral solution. Rather, effective cloud security is a collection of security tools impacting various cloud use-cases.
- Enforcing compliance and security for your cloud. What if you could enforce PCI-DSS, HIPAA and Sarbanes-Oxley compliance all from one management plane – all for your own cloud environment? You can now integrate on premise resources with a respective cloud ecosystem. However, make sure your cloud provider is up to par when it comes to hosting compliance and regulation workloads. Specific providers have, for example, signed their business associate agreements (BAA) to be able to process protected healthcare (PHI) information. Others have created powerful ecommerce gateway platforms for PCI-compliant workloads. Compliance aside, your cloud will require advanced levels of security and management. Security technologies are capable of controlling virtual machines, application and resource security attributes, and the virtual networks they are utilizing. This translates to a lot of granular control – all from one management plane.
When it comes to deploying a cloud, your hypervisor aggregates resources, virtualizes critical components, and delivers powerful features to the virtual machine. So why not integrate your security platform directly into the hypervisor layer? A great way to ensure security moving forward is to deploy a next-gen security model directly into your cloud architecture. With this type of integration, you get performance benefits, greater visibility into the on premise as well as cloud environment. Most of all – you get centralized security management for all hosts. Ultimately, you gain proactive management capabilities around your very important cloud architecture.
This article first appeared at http://www.thewhir.com/web-hosting-news/considerations-when-creating-a-secure-cloud-environment.