Your 2015 Cloud Security Update
Some quick tips and cool technologies to help your cloud security architecture and to keep your environment a bit safer!
February 26, 2015
We’ve got a few challenges floating around the cloud and security world where it has come time for a bit of an update. Between Sony and a few major retailers, there have been a lot of conversations around cyber-security, cloud security, and how all of this impacts the end-user.
Since there’s really no slowdown in sight – and more organizations are touting the era of the “Internet of Things” – we have to take a look at security from a truly holistic level. That said, here are some security updates that can help you stay ahead of the bad guys… or, as much ahead as you can be.
Client-less security. Take security and efficiency and mash them together! Now, we have security technologies which can directly integrate into the hypervisor layer. This means VMs running on top won’t need a clunky client. There has been a resurgence behind virtual application and desktop delivery. This is where both end-user efficiency as well as security at the VM-level are a must. For example, a virtualization aware AV engines run at the hypervisor level; scanning all of the traffic which flows into and out of the VM. Trend Micro introduced its Deep Security platform to do just that. It will integrate directly with VMware Tools to facilitate virtualization-ready security at the hypervisor layer. Another great example is 5nine’s security model and how it interacts with Hyper-V. This way, administrators don’t actually have to install AV clients on the workloads. Because of this, the AV process becomes much more streamlined and efficient. Now, we’re introducing new levels of security and efficiency for your virtual platform.
The adoption of virtual platforms. Virtual security appliances are agile, powerful, and can be deployed anywhere in your infrastructure. The other big part is that these security platforms can be service-oriented. This means you can monitor specific network nodes and data points within a very distributed environment. Check Point has their Virtual Systems which deploy as Software Blades on any virtual system for customized protection. Similarly, Palo Alto has their VM-Series virtual appliances which support the exact same next-generation firewall and advanced threat prevention features available in their physical form factor appliances. Furthermore, automation features such as VM monitoring, dynamic address groups and a REST-based API allow you to proactively monitor VM changes and dynamically integrate this into your security policy architecture. The cool part is that the VM-Series is supported on VMware, XenServer, KVM, Ubuntu, and even AWS.
Cloud and compliance can happen! Cloud is growing up and playing nice with various compliance regulations. Now, you have the ability to deploy powerful cloud platforms which are ready for PCI/DSS, HIPAA, and many others. Just make sure your cloud provider is compliant and ready to delivery that type of cloud solution. Let me give you an example. Have you heard of FedRAMP? Basically, FedRAMP is the result of close collaboration with cyber security and cloud experts from the GSA, NIST, DHS, DOD, NSA, OMB, Federal CIO Council, and its working groups, as well as private industry. Already, cloud providers like AWS, IBM, HP, Microsoft, and Akamai are becoming FedRAMP-certified cloud service providers.
Next-gen security feature sets. Geo-fencing, advanced DLP, node-based IPS/IDS, application firewalls, and even new types of DDoS protection are all powerful features which live on virtual and physical appliances. But the really cool part is just how much you can pack into a virtual appliance. Next-generation security features are here to help with the advanced persistent threats that traditional UTM security appliances simply can’t handle. Virtual security features now can include advanced network and firewall configurations, clientless VPN, application control, URL filtering, AV services, identity awareness and mobile access controls.
Creating a new security policy. This is a constantly evolving process. Keep your organization as well as your user base continuously updated. Have you updated your computer policy? Do you have a mobility policy? There are new ways that organizations must secure their data, and many times that starts with informing the user. That said you should also review your data control policies and how users are accessing your networks. Now is a great time to look across your entire IT environment and identify places where older security policies might have holes. Creating good corporate, mobility, data and security policies helps keep your overall environment a lot more proactive. When it comes to a security breach, spend the money now so that you don’t have to pay even more if an incident occurs. Consider this, a recent IBM sponsored report looked at the actual cost to a company if there was a data breach. The total? $3.5 million - and 15 percent more than what it cost last year.
Let’s be realistic here, securing your infrastructure is a never-ending struggle. It’s not so much the bad guys either. We are tasked with balancing effective security while still providing an optimal user experience. With so many devices and data points, it has become even more challenging to secure critical data. Still, data and workload centralization has allowed administrators to keep a closer eye on their information while still controlling users. Consider some of these best practices:
One of the best ways to stay proactive and always be vigilant.
Stay updated on patches and fixes.
Read security blogs, posts and articles – seriously. They help a lot.
Test your system for flaws! Sometimes a pen-test can be very useful.
Continuously update your security policies. This goes for both your users and the IT infrastructure.
About the Author
You May Also Like