By Gathering Clouds
September 12, 2013 10:45 AM EDT
Securing your data used to be simpler (if not necessarily easy). You had IT infrastructure in your data center. You adopted security controls at every level – from physical security (controlling who could enter the facility) up through the network, system, and application layers. IT security looked a lot like perimeter security in a building – the valuables are inside, the attackers are outside, so you build good walls and strong locks and monitor what passes through.
The cloud explodes this model. Today, your data is in your own facility, at a managed hosting provider’s data center, and at your cloud provider. And while you’ve got a specific set of servers and network connections at the hosting provider – you can even go see your servers if you want to! – in the cloud you’ve got virtual machines that vary in number and location within the cloud environment. In a dynamic, autoscaling cloud the number of VMs you’re using may change hour to hour. And wait, there’s more – your employees, customers, and partners are accessing that data not just on IT-approved workstations but on iPads, Android phones, and probably Google Glass before long with the rise of BYOD.
So how do you go about ensuring distributed data security in the variety of places the data lives, not all of which are under your total control? It means thinking not about securing your perimeter, but about using security technologies that follow your data. Let’s look at some examples of what this means.
Start with physical security. The service providers taking care of your hosting and cloud infrastructure need to have solid processes in place to keep intruders away from the hardware that holds your data – you should ask them about it. (A good provider will welcome the question.) Your responsibility extends beyond your own facilities.
What about network traffic? The traditional way of monitoring network traffic for attackers meant monitoring the traffic at your switches. Cloud network security monitoring means being able to monitor traffic on virtual machines – even as they spin up in response to sudden demand.
How about log data? Capturing, analyzing and storing logs is a basic security practice – does your log solution capture logs on the cloud?
There’s another wrinkle to this. Capturing all that security data from a single environment already produced enough challenges – you’ve got to correlate it to find the meaning in all the data, which has led many organizations to attempt to implement SIEM (often with more headaches than results) or to offload the work to an MSSP. Now you’ve got data across multiple environments – and to really understand your security posture, you’ve got to analyze that data as a whole, not in separate buckets. That means your security technologies all have to be cloud-aware and able to work with data coming from everything from an in-house data center to the cloud.
Given that, there are a couple of key principles to keep in mind when looking at security solutions to protect your data in the cloud:
- Look for cloud-native technologies that can handle the rapid scaling of cloud environments – this means not just that they are deployable in the cloud, but they can scale just like the cloud.
- Talk to your cloud hosting provider. Item 1 will require some level of integration with your cloud environment, so your cloud provider should be a trusted partner in identifying security technologies that give you the protection you need.
- Think globally. If you wind up with separate security buckets for cloud, managed hosting, and on-premises infrastructure, you’ll be left with the challenge of piecing it all together and you’re not likely to get the outcomes you want.
Like the cloud itself, security in the cloud is a game changer. The good news: it presents an opportunity to get some of the same flexibility and efficiency in your security spend that make cloud infrastructure so good for your business.
By Jake Gardner