Best Practices For Delivering Security & Governance In The Cloud
—By Anindo Sengupta, Chief Delivery Officer, Minjar Cloud Solutions
Security has been the bugbear for cloud from Day 1. A recent IDC CloudView Survey cites security concerns as the number 1 inhibitor regarding the adoption of cloud technologies and services. However, it’s a myth that what you keep in your data center is more secure than what you put in the cloud.
The current trend in cyber threats points to more vulnerabilities impacting users through “man-in-the-middle” attacks or bots creating DDoS scenarios, which typical data center architectures are not able to handle. What is more important in today’s world is that every single application workload and its architecture need to be built and designed for security across each layer, irrespective of where the workload is deployed.
Designing security for cloud workloads is a shared responsibility. If we take the most common use case of Infrastructure as a Service (IaaS), your cloud provider takes complete responsibility for securing the underlying infrastructure that supports the cloud, and you’re responsible for anything you put on the cloud or connect to the cloud. An end-to-end view of security and governance involves planning for security across the various layers of any workload.
Some of the best practices in architecting for security in the cloud are:
DDoS Security: Designing and implementing solutions for “Distributed Denial of Service” attacks
Web Application Firewall: Preventing exploitation of known application vulnerabilities through a set of policies
Application Vulnerability Assessment and Penetration Testing: Frequent audits of infrastructure and applications to ensure adherence to compliance and security
Unified Threat Management: An integrated solution, typically applied on the application perimeter, that includes a firewall with IDS, IPS and VPN capabilities
Host Based Security: Secures the endpoint instances that host application components and workloads through regular anti-malware, patch management and port-level controls
Data Security & Encryption: Secure data in transit and at rest through the right combination of key management and encryption
Identity and Access Management: Ensure fine-grained user access controls to limit access to only what is needed
While the complexity of security will continue to evolve in the cyber world, where cloud scores in enabling security and governance is its ability to get security controls well configured within the cloud architecture design.
Some key areas are:
Cloud allows for a higher level of segregation of environments
Enables fine-grained controls for resource access and interactions
Enables stronger encryption and key management
Enables highly granular and pointed security monitoring and logging
Enables strong compliance and control through automation