Security concerns remain one of the biggest obstacles to cloud computing adoption, even as spending on cloud-based solutions accelerates. Users welcome the affordability and scalability of cloud solutions, but many remain fearful about the potential for network breaches and leaks. These fears typically focus on public cloud offerings, and as such, they open opportunities for securing private cloud environments.
Just as in the physical world, security in the virtual world takes a multi-pronged approach. You need basic anti-virus/anti-malware protection, just as any desktop or server across your enterprise receives; access controls so that a random employee can’t bring down your entire virtual infrastructure; firewalls and intrusion prevention products to keep network-based attackers out; and auditing and compliance tools to make sure your security is up to snuff. That is a lot of gear to handle, and all of it has to be cloud-aware; otherwise it won’t be much use. Let’s look at some typical products in each category.
Reflex’ Virtual Management Center is the most comprehensive security solution, with modules in three broad areas (auditing/compliance, firewall/intrusion detection, and access controls). The product is actually four separate protective modules that are knit together with separate reporting and management consoles:
- vTrust for virtual firewall protection,
- vCapacity for capacity management,
- vWatch for performance and resource monitoring, and
- vProfile for configuration management.
Trend Micro purchased Third Brigade and has incorporated its features into its Deep Security product. The product has a variety of protective modules, including agent or agentless firewall/IDS, anti-malware, and web application protection. As you might suspect from a consumer software company, its Web management interface is very attractive and the dashboard has a lot going on. At a glance you can see your entire VM collection, whether any protective measures have been installed, and what alerts have been reported. You have to use the maps generated by VMware to see a visual picture of your network of VMs and their hosts.
Then there is Dome9.com, which is trying to make the cloud more secure by providing an automated service to centralize and consolidate security management across both private and public clouds, inside and outside of your data center, including VMs residing on Rackspace, Amazon’s EC2 and GoGrid. They will manage all of your Windows and Linux servers’ existing built-in firewalls. The product either uses agents or talks directly to VMware and other cloud provider APIs to automate secure access. For example, you can open and close RDP ports on a timed schedule to make sure that someone didn’t inadvertently leave them open when they were done with a remote connection.
They can also close ports without locking out legitimate server admins who need to get in on an as-needed basis without having to bother the overall security administrator to temporarily grant this access.
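The timed-access idea described above can be checked with a short audit. This is an added example, not Dome9's code or API: the rule fields (`host`, `port`, `source`, `opened`, `lease_minutes`), the function names and the sample rules are all assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

RDP_PORT = 3389
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample

# Constructed sample rules; the field names are assumptions of this example.
RULES = [
    {"host": "web-01", "port": 3389, "source": "203.0.113.7/32",
     "opened": NOW - timedelta(minutes=30), "lease_minutes": 60},
    {"host": "db-01", "port": 3389, "source": "0.0.0.0/0",
     "opened": NOW - timedelta(days=3), "lease_minutes": None},
    {"host": "app-01", "port": 3389, "source": "198.51.100.4/32",
     "opened": NOW - timedelta(hours=5), "lease_minutes": 120},
    {"host": "web-01", "port": 443, "source": "0.0.0.0/0",
     "opened": NOW - timedelta(days=90), "lease_minutes": None},
]

def rules_to_close(rules, now, port=RDP_PORT):
    """Return (host, reason) for each rule on `port` that is open with no
    expiry or whose lease has run out."""
    findings = []
    for rule in rules:
        if rule["port"] != port:
            continue
        if rule["lease_minutes"] is None:
            findings.append((rule["host"], "no expiry set"))
            continue
        expires = rule["opened"] + timedelta(minutes=rule["lease_minutes"])
        if now >= expires:
            findings.append((rule["host"], "lease expired " + expires.isoformat()))
    return findings

def grant_lease(rules, host, source, now, minutes, port=RDP_PORT):
    """Add a time-boxed rule for one admin source; refuse any-source grants."""
    if ipaddress.ip_network(source).prefixlen == 0:
        raise ValueError("lease must name a specific source network")
    rule = {"host": host, "port": port, "source": source,
            "opened": now, "lease_minutes": minutes}
    rules.append(rule)
    return rule

if __name__ == "__main__":
    for host, reason in rules_to_close(RULES, NOW):
        print(f"close {RDP_PORT}/tcp on {host}: {reason}")
```

Run on a schedule, the findings list is what a cleanup job would act on; the HTTPS rule is ignored because only the RDP port is in scope.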
Tier 3's Environment Engine can help automate various Microsoft and Linux server deployments. Each deployment can be configured to be private, shared publicly, or shared only with specific individuals. You can add multiple VMs so that an entire Web app can be brought up with a single command, even though it is deployed across multiple Web, database, and app servers on different VMs. You can script out an entire installation, adding monitoring, backups, firewall rule sets – in short, you can replicate in the cloud your entire computing environment.
As you can see, the range of individual products and services available to handle cloud computing is huge, and it is only growing as the importance of the cloud picks up for many IT managers. You should try out some of these services and experiment with the kinds of protective features that you need to feel comfortable with your cloud deployment.
We have just touched on a few of the products in this space; feel free to share the ones that you recommend as well.