|By Aaron Klein||
|August 20, 2013 10:00 AM EDT||
The cloud offers users agility and flexibility at, potentially, a far lower cost than a traditional data center model. However, with these benefits come risks from cost sprawl, security holes, and availability management. Part 1 of Cloud Monitoring Essentials focused on cost concerns. This second part looks at security.
The dynamic nature of the cloud, with ever-changing security groups and rules, makes security difficult. New instances, auto scaling groups, and buckets are created and terminated daily. Resources that were ‘secure' yesterday may be altered today and your security posture may be compromised.
The distributed and centralized nature of the cloud creates security headaches. Not only is the deployment regularly changing, but the people changing it are across groups and departments.
To address security, you need to take these three steps:
- Track Deployment Changes: A large deployment is difficult to maintain in a timely manner. Tracking changes ensures that your valuable time is spent identifying new and evolving issues.
- Perform Daily Best Practice Checks: You should create a comprehensive best practice checklist and zealously employ it. Coverage should include issues ranging from security group rules to password policies to IP addresses to bucket permissioning.
- Create a Mitigation Strategy: Issues can quickly multiply and security mitigation needs to be performed daily. A solid strategy which prioritizes issues will help you efficiently manage this responsibility.
Unfortunately, however, implementation of these processes is neither easy nor quick. Identification alone could quickly become a full time job. Performing manual detection creates the risks of missed issues.
Employing an automated solution that performs these tasks and delivers customizable alerts solves that problem. For as little as $49 per month, solutions provide full identification scans, customized alerts, and complete mitigation instructions. Plainly, they offer a much better alternative to devoting hundreds of man hours and performing the tasks manually.
Stay tuned for Part 3 of Cloud Monitoring Essentials: Availability.