Tag Archives: cloud security

Outta sight = outta mind … why you should care where your data is stored

The other day I was on Facebook and saw a post that talked about how we are the last generation to play in the streets, ride our bikes down the street, walk home at night from a friend’s house, etc. That got me thinking about some of the security measures that I think most of us took for granted. But with identity theft, system-corrupting viruses downloaded from emails, online scams… the list goes on and on for the type and kind of threats your data is exposed to on a minute-by-minute basis. Given that we are moving more and more towards a technology-based society – all our critical data is now stored as compressed data in datacenters.

I don’t even carry cash with me anymore – any and everything that I purchase is via a debit or credit card. What does this mean to overall security of our data? How do we keep our data safe? And how do we trust that “safe” is not a marketing term used by companies to get you to sign up for an account? Is out of sight the equivalent of out of mind?

For parents out there, think of data security as those instances where your kids are playing in the next room and you don’t hear them… nine times out of ten it means that there is something destructive happening, so you have to constantly check in to make sure everyone is on the up-and-up. Just because you store your data with a company that says that they are secure and your data is safe, what are they doing on their end to make sure that your data is really safe? Are they like the parent that checks the next room to ensure that everything is fine, or do they leave the house for a few hours and not worry about safety?

I would much rather know where my data is being stored and how it’s being used. Who has access to my data? Why do they have access? How are they using it? Who can I trust with my data? Why should I trust them with my data – just because they say so? These are just some questions that I need to consider – do you?

Shash Cates is the Creative Project Manager on the Mozy Marketing team.

How to Make the Private Cloud More Secure

Security concerns remain one of the biggest obstacles to cloud computing adoption, even as spending on cloud-based solutions accelerates. Users welcome the affordability and scalability of cloud solutions, but many remain fearful about the potential for network breaches and leaks. These fears typically focus on public cloud offerings, and as such, they open opportunities for securing private cloud environments.

Just as in the physical world, security in the virtual world takes a multi-pronged approach. You need basic anti-virus/anti-malware protection just like any desktop or server receives across your enterprise; access controls so that a random employee can’t bring down your entire virtual infrastructure; firewalls and intrusion prevention products to keep network-based attackers out; and auditing and compliance tools to make sure your security is up to snuff. That is a lot of gear to handle, and all of it has to be cloud-aware, otherwise it won’t be much use. Let’s look at some typical products in each category.

Reflex’ Virtual Management Center is the most comprehensive security solution, with modules in three broad areas (auditing/compliance, firewall/intrusion detection, and access controls). The product is actually four separate protective modules that are knit together with separate reporting and management consoles:

  • vTrust for virtual firewall protection,
  • vCapacity for capacity management,
  • vWatch which handles performance and resource monitoring and
  • vProfile for configuration management

Trend Micro purchased Third Brigade and has incorporated its features into its Deep Security product. The product has a variety of protective modules, including agent or agentless firewall/IDS, anti-malware, and web application protection. As you might suspect from a consumer software company, its Web management interface is very attractive and the dashboard has a lot going on. At a glance you can see your entire VM collection, whether any protective measures have been installed, and what alerts have been reported. You have to use the maps generated by VMware to see a visual picture of your network of VMs and their hosts.

Then there is Dome9.com, which is trying to make the cloud more secure by providing an automated service to centralize and consolidate security management across both private and public clouds, inside and outside of your data center, including VMs residing on Rackspace, Amazon’s EC2 and GoGrid. They will manage all of your Windows and Linux servers’ existing built-in firewalls. The product uses either agents or talks directly to VMware and other cloud provider APIs to automate secure access. For example, you can open and close RDP ports on a timed schedule to make sure that someone didn’t inadvertently leave them open when they were done with a remote connection.

They can also close ports without locking out legitimate server admins who need to get in on an as-needed basis without having to bother the overall security administrator to temporarily grant this access.
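The timed-access idea described above, sketched as an added example (this is not Dome9's code or API; `Rule`, `grant_rdp`, `sweep` and the sample rules are hypothetical names and constructed data): each RDP opening is scoped to one admin address and carries an expiry, and a periodic sweep closes anything expired or opened with no expiry at all.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network
from typing import Optional

RDP_PORT = 3389

@dataclass
class Rule:
    server: str
    port: int
    source: str                  # CIDR allowed to connect
    opened_at: datetime
    lease: Optional[timedelta]   # None = opened by hand with no expiry

def grant_rdp(server, admin_ip, now, minutes=60):
    """Self-service grant: RDP for a single address, with a built-in expiry."""
    source = str(ip_network(admin_ip))  # raises ValueError on junk input
    return Rule(server, RDP_PORT, source, now, timedelta(minutes=minutes))

def sweep(rules, now):
    """Return (keep, close); close holds (rule, reason) pairs for RDP only."""
    keep, close = [], []
    for r in rules:
        if r.port != RDP_PORT:
            keep.append(r)                       # other services untouched
        elif r.lease is None:
            close.append((r, "no expiry set"))   # left open inadvertently
        elif now >= r.opened_at + r.lease:
            close.append((r, "lease expired"))
        else:
            keep.append(r)                       # admin still inside lease
    return keep, close

# Constructed sample data (documentation address ranges).
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
RULES = [
    Rule("web-01", 443, "0.0.0.0/0", NOW - timedelta(days=30), None),
    Rule("db-01", RDP_PORT, "0.0.0.0/0", NOW - timedelta(days=3), None),
    grant_rdp("app-01", "203.0.113.7", NOW - timedelta(hours=2)),
    grant_rdp("app-02", "203.0.113.7", NOW - timedelta(minutes=10)),
]

if __name__ == "__main__":
    keep, close = sweep(RULES, NOW)
    for rule, reason in close:
        print(f"close {rule.server}:{rule.port} from {rule.source} ({reason})")
```
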

Tier 3's Environment Engine can help automate various Microsoft and Linux server deployments. Each deployment can be configured to be private, shared publicly, or shared only with specific individuals. You can add multiple VMs so that an entire Web app can be brought up with a single command, even though it is deployed across multiple Web, database, and app servers on different VMs. You can script out an entire installation, adding monitoring, backups, firewall rule sets – in short, you can replicate in the cloud your entire computing environment.

As you can see, the range of individual products and services available to handle cloud computing is huge, and it is only growing as the importance of the cloud picks up for many IT managers. You should try out some of these services and experiment with the kinds of protective features that you need to feel comfortable with your cloud deployment.

We have just touched on a few of the products in this space; feel free to share the ones that you recommend as well.