Secure Your Cloud Building Blocks: Overview and a Few Tips

The cloud enables great agility and can reduce costs if used right. But does it also manage risk? In fact, the cloud carries the same risks as traditional hosting, plus risks specific to a production environment running in the cloud.

In a dynamic IaaS environment you pay only for what you use, which aligns spending with actual real-time demand. A cloud instance is a temporary resource, created automatically and on demand from a gold master image. This basic cloud automation capability makes traditional patching redundant and fast provisioning extremely easy. It is an important consideration that changes some basic security deployment assumptions when moving from traditional infrastructure to the cloud.


Cloud security runs counter to traditional IT users' expectations. The system is not static, there is no access to the hypervisor, and a hybrid environment assembled from multiple IT environments has to be treated differently. New adopters of the public cloud find that deployments are pretty easy; when it comes to secure deployments, however, there is still a great knowledge gap.

The Responsibility

In the cloud, responsibility is shared. While the infrastructure and virtualization layers are in the hands of the IaaS vendor, IaaS users are responsible for using the “building blocks” – the virtual compute resources – to deploy and maintain best-practice architectures that support HA and DR. The service architecture must solve security problems in public, private, and hybrid cloud deployments, specifically with regard to:

  1. Perimeter & Access Control
  2. Server Integrity & Intrusion Detection

The Cloud Firewall

Traditional data centers enjoyed the transparency of static capacity, and secure deployment and configuration was comparatively simpler than in the cloud. In a traditional DC, the firewall served as the gate for groups of servers or clusters, and each group included the servers that hosted the security appliances.

Moving to a cloud environment and deploying in the same static manner is an option as an initial phase. In order to enjoy the dynamic features of the cloud, however, the security configuration should be replicated automatically, taking into account the deep granularity of the cloud environment. That is what supports the dynamic cloud benefits, such as cost and agility, mentioned above. In the public cloud, each server can have its own firewall and security configuration. The standard best-practice multi-tenant SaaS architecture consists of three layers – the load balancers and front-end/web servers, the app and middle-tier servers, and the DB servers. In this case the connections and data transfer between layers and servers create considerable complexity with regard to access control and server protection.
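As an added illustration (not code from the original post), the following Python expresses the three-tier layering above as policy: each tier's ingress rule names the tier allowed to reach it rather than an address, so the rule replicates automatically as instances come and go, and an audit function flags rules that break the layering. The tier names, ports and policy table are assumptions.

```python
"""Three-tier firewall policy as code (constructed example)."""
from dataclasses import dataclass

INTERNET = "0.0.0.0/0"

# Assumed policy for the LB/web -> app -> DB layering: which source
# (tier name or CIDR) may reach each tier, and on which ports.
TIER_POLICY = {
    "web": {INTERNET: {80, 443}},
    "app": {"web": {8080}},
    "db":  {"app": {5432}},
}


@dataclass(frozen=True)
class Rule:
    tier: str     # the per-tier firewall group the rule is attached to
    source: str   # a tier name (group reference) or a CIDR
    port: int


def generate_rules(policy=TIER_POLICY):
    """Expand the policy into one ingress rule per (tier, source, port)."""
    return [Rule(tier, src, port)
            for tier, sources in policy.items()
            for src, ports in sources.items()
            for port in sorted(ports)]


def audit_rules(rules, policy=TIER_POLICY):
    """Return findings for rules the layering policy does not allow."""
    findings = []
    for r in rules:
        if r.tier not in policy:
            findings.append(f"{r.tier}: unknown tier")
        elif r.source not in policy[r.tier]:
            findings.append(f"{r.tier}: unexpected source {r.source} on port {r.port}")
        elif r.port not in policy[r.tier][r.source]:
            findings.append(f"{r.tier}: port {r.port} from {r.source} not in policy")
    return findings


if __name__ == "__main__":
    # A deployed rule set that drifted: DB exposed to the internet, SSH on web.
    drifted = generate_rules() + [Rule("db", INTERNET, 5432), Rule("web", INTERNET, 22)]
    for finding in audit_rules(drifted):
        print(finding)
```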

A Few Important Tips

  1. Whatever firewall options you have, use them and make sure your firewall rules are updated quickly.
  2. Secure your server integrity by keeping images up-to-date and monitoring them closely for changes.
  3. You will be multi-cloud, so architect for multi-cloud availability, including the “least common denominator”.
  4. Embrace the flexibility of the cloud; re-think operations – understand, embrace, and secure the new cloud operational model.
  5. It’s possible to meet regulatory compliance requirements in the cloud, just know what you’re responsible for. Know exactly what your cloud provider takes responsibility for and what they don’t.
  6. Automate management and monitoring – Monitor your business applications and support files for subtle changes which could indicate tampering by an intruder.
  7. Ensure software packages are up-to-date and have no known remote exploit vulnerabilities.
  8. Avoid OS and application mis-configurations that can lead to remote compromise.
