How Cloud is Getting Security Right

We take a look at the modern cloud architecture and have to understand the underlying security that supports it. The good news is that cloud security has become a lot better. Now, find out where cloud is getting security right and how you benefit.

Bill Kleyman

May 14, 2015

6 Min Read
How Cloud is Getting Security Right

It really feels like we’ve crossed a new threshold in the whole cloud conversation. In working with cloud delivery models, conversations with new perspective customers are continuing to increase. Organizations are realizing real business gains by moving a part of their environment into some kind of cloud platform.

Right now, it feels like the hybrid cloud is becoming one the predominant models being discussed and adopted. Why? It’s becoming easier to do so. But it hasn’t always been about the ease of moving into the cloud. Sure, there are challenges around unique applications and very specific use-cases. Still, one of the most dominating cloud conversation topics seems to always revolve around security.

Let’s start here – during the recent Gartner Symposium, analysts described cloud computing as a style of computing in which scalable and elastic IT-enabled capabilities are delivered “as a service” using Internet technologies.

“Overall, there are very real trends toward cloud platforms, and also toward massively scalable processing. Virtualization, service orientation and the Internet have converged to sponsor a phenomenon that enables individuals and businesses to choose how they'll acquire or deliver IT services, with reduced emphasis on the constraints of traditional software and hardware licensing models,” said Chris Howard, research vice president at Gartner. “Services delivered through the cloud will foster an economy based on delivery and consumption of everything from storage to computation to video to finance deduction management.”

This means that organizations are gearing up to allow the cloud to become their complete service delivery model. It’s clear that cloud computing is offering a very dynamic competitive advantage by allowing next-generation resource utilization. Furthermore, cloud is evolving to create even better security designs.

According to Gartner, the increasing adoption of mobile, cloud, social and information (often interacting together) will drive use of new security technology and services through 2016.

The report goes on to state that a significant number of security markets are being impacted by newly emerged delivery models. This is resulting in the growth of cloud-based security services, which are transforming, to different degrees, the way security is supplied and consumed by customers. While cloud-based services' competitive pricing puts pressure on the market, the cloud is also providing new growth opportunities, as some organizations switch from deploying on-premises products to cloud-based services or cloud-managed products. More than 30% of security controls deployed to the small or midsize business (SMB) segment will be cloud-based by 2015.

With all of this in mind, it’s clear that both cloud computing and the cloud security model are going to continue to evolve. There will be new kinds of standalone cloud-ready security platforms as well as those built into existing cloud service provider architectures. I recently wrote that for now, cloud computing has really done a good job staying out of the spotlight when it comes to major security issues. Yes, Dropbox might accidentally delete a few of your files, or some source code becomes exposed. But the reality is that a public cloud environment hasn’t really ever experience a massive data breach. Ask yourself this question, what would happen if AWS lost 80 million records like in the very recent Anthem breach? The conversation around public cloud security would certainly shift quickly. But the reality is that they haven’t. Maybe this gives us more hope that the cloud architecture is being designed in such a way that data is properly segregated, networks are well designed, and the proper boarder security technologies are in place.

So what are CSPs doing today to better secure your workloads? How are they creating security platforms that are “born in the cloud?” Let’s look at a few ways that big cloud provider are creating some great security strategies.

  • Creating user, client, workload multi-tenancy (policies, rules, etc). The most important concept to remember is that public cloud providers were built with the base architecture of multi-tenancy. They designed their systems knowing that they would have to carve out physical and virtual space to a large number of customers deploying unique workloads. Throughout all of this, they must maintain visibility, high security standards, contextual-policy engines, and how various workloads are interacting. From there, they must deliver powerful portals to each user – where they truly feel like they have their own bit of cloud. Creating this kind of multi-tenant environment isn’t easy. But big cloud providers are doing a great job making sure your slice of the cloud is locked down and secure.

  • Designing resource automation and orchestration (locking down resources to appropriate racks, dynamically shifting user resources, etc). Cloud providers make more money by creating better efficiency within their own environment. This means it’s in their best interest to design a cloud architecture capable of dynamic resource utilization and distribution. Furthermore, cloud management systems allow server and resource policies to span racks, zones, and even data center clusters spanning a region – or the world. Cloud providers also have monitors checking in on policies, their resources, and how virtual and physical components are being utilized. This kind of visibility takes on a security stance as well. If there is an issue, cloud providers can lock down a service, VM, physical server, or even an entire rack. Remember, cloud providers have a lot of physical as well as software-based security solutions.

  • Leveraging open-source technologies. Cloud providers utilize a lot of different powerful tools to create a dynamic and secure cloud architecture. They’ll integrate key management systems, encryption, policy enforcement and a lot more. They’ll also design solutions that allow your workloads to be HIPAA, PCI, FISMA, and IEEE compliant. Open-source technologies allow cloud providers to create powerful API architectures, customized – policy-driven – multi-tenancy platforms, and hypervisor extensions for the customer. These kinds of technologies allow CSPs to have granular controls around how they design their control mechanism and how they secure their resources.

Cloud computing and the services it offers is specifically designed around security delivering multi-tenant workloads. Think of cloud providers like AWS or even Azure as big banks. Back in the day, it was easy to rob a bank and take its resources. Now, however – it’s much more challenging to accomplish this. And, just like cloud security, there are different kinds of banks with different levels of security. The better the bank (or cloud provider) the better your security will be. This analogy is here to remind you of a couple of things.

  1. As long as there are resources that are valuable, there will always be targets.

  2. Cloud providers will have different security designs. Some can handle compliance-based workloads, for example, while others cannot.

I can honestly say that if you were hesitant about looking at a cloud model because of security, it’s time you overcome that hurdle and work with a cloud partner. The kinds of direct benefits that cloud computing can offer as a far as user optimization, workload delivery, and creating that next-generation business model is making this architecture more critical for businesses to consider. Most of all, many cloud providers are offering easy ways to get started by taking their cloud offerings for a test drive. Still, as secure as cloud might be, you must always ensure that your workloads and data points fall under data center, security, and compliance best practices. In part two of this security series, we take a look at where security is overlooked, and how problems can quickly arise.

About the Author(s)

Bill Kleyman

Bill Kleyman has more than 15 years of experience in enterprise technology. He also enjoys writing, blogging, and educating colleagues about tech. His published and referenced work can be found on Data Center Knowledge, AFCOM, ITPro Today, InformationWeek, NetworkComputing, TechTarget, DarkReading, Forbes, CBS Interactive, Slashdot, and more.

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like