Often times we are caught up in the whirlwind of inconvenience and we feel the need to blitz our way through security requirements. That applies to everything we do, not just within the cloud. It’s been asked; “How do you secure a cloud based network infrastructure?” That question can initiate varying avenues of results. It ultimately depends upon the type of cloud service you are using. Take this example for instance; usage from a network with servers locked inside a room. This example is the standard familiarity that we as users are very well adapted to and more comfortable with. In CompTIA’s Security+ study materials there is a chapter that covers “Securing the Cloud”. The chapter begins with cloud terminology; from working with cloud computing to all the cloud service types such as “Infrastructure as a Service (IaaS)”. Cloud technology is a very extensive subject. The main focus here will be on the private cloud and public cloud. In a public cloud the actual infrastructure exists on the premises of the company that’s providing the services to those authorized to use it. Those that use the private cloud only pertains to the cloud services offered by one particular organization. It isn’t shared with others. Does that mean using a private cloud is for one individual user? No it doesn’t, there can be an entire organization using the private cloud. It’s just not shared with other organizations, it’s what cloud services call “tenancy”. There is a multi-tenancy (for public cloud) and a single tenancy (for private cloud). For instance an organization called Chess Sophos can offer 30,000 users a tenancy within their public cloud infrastructure. This could mean Google, Netflix, Spotify, Twitter, YouTube, and Facebook are all using the same public cloud with multiple users. There’s an agility and speed that goes with operating within a public cloud. Having that ability to spin up a server within let’s say Google, uploading a dozen documents and perhaps five hundred photos from your last vacation. It’s a comfort to have the stability and security in knowing that your information in the public cloud is safe. When it comes to securing the public cloud it is best practice to learn your responsibilities first. Many different companies such as Amazon Web or Microsoft Azure both share the same security solution. The following are a few examples from several cyber security companies in their approach to securing the private & public cloud.
“If you can’t see it, you can’t secure it”.
-Sophos
Sophos provides “Auto scaling workload security to protect against malware and ransomware”. Sophos also provides a simple way to analyze reporting and security events within the cloud network infrastructure. These are just a few examples of what Sophos offers to secure the cloud. Within the public cloud as the user you are responsible for what you upload or use within the cloud. You need to have a better idea of what the security requirements are from the service that you would be using from the public cloud. Knowing the compliance behind the service is a great addition. Many public cloud services undergo what is called; “continuous monitoring” which is a way to ensure the security and the particular compliance within the cloud based network. One last point in securing the public cloud. It’s a key word many cyber security professionals are familiar with or at least “long for” within their environment; automation. Keep in mind that many black hat hackers automate many of their attacks. Staying ahead of those attacks by automating your own defenses will allow you to stay a few steps ahead. Many organizations strive to maintain varied instances of security provisioning but they need to include the right orchestrating security tools and features. Some of these management tools might include hypervisors within cloud management consoles and other features that can deploy security policies where they’re needed.
“Advanced threats require advanced security”
-Fortinet
According to Fortinet there are more virtualized data centers that handle crazy amounts of workloads on less physical machines. At the same time they require higher network speeds and higher performance requirements. The architecture and the operations of the data center from previous years never really matched the security requirements or recommendations especially within the private cloud. However today everyone’s data centers that might be running private clouds or public clouds have the latest advances of security solutions. Performance has always been at the forefront for every organizations computing technology. That’s when security needs to match the performance. Examples in matching security with a private clouds network infrastructure may include upgrading firewalls. Not only does the security hardware have to match performance but the software has to match as well. Conducting ongoing vulnerability assessments is part of this too. As previously stated, attackers possess similar capabilities and they are only hoping that a vulnerability goes unnoticed. As inconvenient as security best practices seems at times we don’t want to await the pending rain storm. Industry standards teach us all as cyber security professionals that we need to stay informed and stay trained. We as fellow information technology professionals need to keep an ear to the ground with own industry association. For instance CompTIA launched a recent video conducted by Kelly Stone, Social Marketing Strategist & Randy Gross, Chief Information Officer. The video was about the successful ability to take a certification exam from your own home. This is a spectacular advantage! When you prepare for CompTIA’s Security+ exam ensure you review each chapter thoroughly and maintain a steady pulse on the practice exams. For those that are about to test; good luck, great things will come.
“Winners never quit, and quitters never win.”
– Vince Lombardi.
Cited resources:
Comments