SlideShare a Scribd company logo

Whitepaper: Security of the Cloud

CloudSmartz, profile picture
CloudSmartz

The document discusses the transition from traditional on-premise data centers to hybrid cloud environments, highlighting the need to rethink enterprise security as applications and data move beyond company data centers. Emphasizing the importance of embedding security throughout all layers in cloud computing, the document compares the security of public, private, and hybrid clouds, recommending a holistic approach to mitigate risks such as data leaks and breaches. It also advises on the importance of identity management, compliance, and selecting the right cloud service provider to ensure a secure and efficient cloud adoption.

Business
Related topics:
Cloud Services Cloud Service Provider IT Security
1 of 4
Download to read offline
1
2
3
4
WHITE PAPER SECURITY OF THE CLOUD Enterprise IT is transitioning from the use of traditional on-premise data centers to hybrid cloud environments. As a result, we’re experiencing a paradigm shift in the way we must think about and manage enterprise security. From Four Walls to No Walls Until now, the conventional view on IT security has been that applications and data are safe because they’re physically housed within the confines of a company’s data center walls using company-owned equipment. So, it’s not surprising that many decision makers perceive greater risks as they trade physical assets for cloud-based solutions. Pre-cloud, data security focused on physical access and control, network security, and device threats. However, in the cloud world, OPEX infrastructure models are the norm. Corporate data constantly moves to/from company-owned equipment, to/from non-corporate devices, and it traverses both Layer 2 and Layer 3 network segments. IT personnel need to address encryption, authentication, and authorization (identity management) security strate- gies at the physical, data link, network, transport, session, presentation, and application layers. The majority of the security budget once went to protecting the perimeter of the enterprise. Now, because of compliance mandates and the nature of cloud computing, security must be woven into every functional area of the company— from each business unit’s infrastructure and line of business applications to externally sourced SaaS service agreements and identity management systems. Note that it’s important to consider the dynamics of security within the cloud whether you adopt cloud-based application delivery or not. CONSIDERTH E DY N A M I C S O F S E CU R IT Y WITH I N TH E C LO U D
WHITE PAPER SECURITY OF THE CLOUD PAGE 2 Business-Critical Computing in the Cloud YOUR CHALLENGE: ADOPT CLOUD AND SECURE IT Cloud computing opens up new avenues of collaboration, cost management, and convenience. Now you have a more agile way to deliver business-critical information with business partners, consumers, and end-users. You can minimize operational expenses by leveraging pooled resources and paying for just what you need, as you need it. And you can support the convenient mobile data access your users demand. Business-critical computing on-premise » Over-buying to meet highest anticipated demand » Dedicated storage » Dedicated compute » Control: only the devices are mobile, not the apps » Security budget dedicated to protecting the perimeter and controlling access Business-critical computing in the cloud » Pooled resources, scale on-demand » Shared networking and compute in public clouds » Delivery via the Internet in public clouds » Security must be embedded within every layer and application when delivering via public infrastructure » Private hosted clouds can be leveraged to deliver cloud economics without re-architecture Cloud computing paves the way for IT advancements. But, without the proper cloud security mechanisms in place, your enterprise risks data leaks and security breaches. Cloud security fortifies IT efforts at every layer. The strength of that security depends upon the type of cloud you choose, the infrastructure supporting it, your service providers, and the identity management tools you use to collaborate with employees, partners, and consumers. Security in Public, Private and Hybrid Clouds Cloud computing can be divided into two general camps: public, in which the network, compute, and storage are multi-tenanted with little or no SLA on availability; and private, in which resources are dedicated, architected for high availability, and backed with SLA guarantees. When it comes to flexibility and economy, both types of cloud deliver with ease. When it comes to security, how- ever, private clouds can offer significant advantages over public. PUBLIC The public cloud can be a hostile environment. You will have limited or no visibility into the underlying infrastructure and security controls. Nor will you have control over who’s sharing your resources and the risks they could potentially introduce into the host system or data stores. Therefore, public clouds require a holistic approach to security: every component of the infrastructure must be secure and auditable in order to support business-critical computing and compliance. Tips when considering public cloud » Be wary of network QOS and DDOS mitigation. Your public cloud probably doesn’t manage this for you. » Be wary of noisy neighbor syndrome. Does your provider offer performance guarantees? » Ensure adequate data security and firewalling of your environment. » Ensure adequate authentication and security controls. Fortunately, tools are being developed to give IT administrators back some level of control over data in public clouds. Citrix, NetApp, and VMware each offer forms of cloud-level data management. Citrix ShareFile, for example, provides a hybrid approach to public clouds. Data can live wherever it’s needed but is always under the control of the ShareFile control plane. Data can’t be shared without permission, and data that’s managed remotely can be wiped clean no matter what device it’s on. EVERYLEVELC LO U D S E C U R IT Y F O R T I F I E S IT DATA A N D S E C U R IT Y AT
PAG E 3 PRIVACY AND SECURIT Y ARE THE LINCHPINS OF BUSINESS - CRITICAL COMPUTING PRIVATE A private cloud is a virtualized datacenter within the cloud. Think of it as relocating your data center to an offsite location: you have dedicated compute, network, and storage resources that you manage as your own, just like you did on-premise. In this way, you can leverage the economics of the cloud without reworking business processes and applications to accommodate the rigorous security demands of public clouds. In the case of Faction’s private hosted cloud, you can ‘come as you are’ and bring your own security (BYOS) or network (BYON) thanks in part to our Cloud’s Faction-to-Faction Layer 2 Direct Connect service. Private clouds are especially advantageous to shops with tight regulatory requirements or limited resources. Tips when considering private cloud » Make sure your cloud provider lets you bring your own security capabilities. Don’t settle for your provider’s options; use yours. You’ve tested it. You use it. You trust it. » Ask your provider about their private networking and vLAN capabilities. Ideally you want Layer 2 connections to/from your customer premise, data centers and from cloud to cloud. With Layer 2 you maintain network isolation and reduce complexities. At Faction, for example, customers can bring their network to our Cloud as-is. We eliminate the need to provision and manage complex firewalls, routers, and Spanning Tree Protocol [STP]. HYBRID In some cases, the best methodology will command the resources of both private and public clouds. This hybrid approach supports the shift from traditional, singlesystem to multi-tiered application deployment. It also increases the available resources for test and development, business continuity, and managing resource demand spikes. To support data privacy and prevent leaks, all data moving between private and public clouds must be encrypted, and access to it must be tied to user identities. Tips when considering hybrid cloud » Ensure your cloud provider offers flexible usage of their storage and compute resources. In other words, if all you need is storage, does your cloud provider allow you to just buy storage? » Determine whether your cloud provider gives you the ability to leverage existing tools, such as VMware APIs. » Make sure your cloud provider allows you the ability to provision and leverage your existing vLAN topology. With Layer 2 private connectivity, you can use the same connection to access both public and private resources while maintaining network separation between public and private environments. Fortunately, tools are being developed to give IT administrators back some level of control over data in public clouds. Citrix, NetApp, and VMware each offer forms of cloud-level data management. Citrix ShareFile, for example, provides a hybrid approach to public clouds. Data can live wherever it’s needed but is always under the control of the ShareFile control plane. Data can’t be shared without permission, and data that’s managed remotely can be wiped clean no matter what device it’s on. Compliance and the Cloud Service Provider Whichever type of cloud strategy you choose—public, private or a combination of both—your cloud provider will play a key role in its success. You’ll have many factors to consider in selecting your provider, but for the purposes of this paper, we’ll focus on compliance, since customer privacy and data security are the linchpins of business-critical computing for many industries. (For more insight into the many factors to consider, read our whitepaper, Tips for Selecting Your Cloud Service Provider.) To make sure the service provider can live up to the promises they’re making, ask for the results of a third-party compliance audit. Look for audit capabilities like SSAE-16 SOC 1/2 and the ability to ink HIPAA Business Associate Agreements (BAA). Many agreements are multi-layered these days, so a key differentiator among cloud providers is their ability and willingness to work with consulting firms and other business entities to execute on these agreements. Keep in mind that certifications are often only a stepping stone to actual audit performance. Be sure the provider has the personnel to support your audits and is willing to adapt to your individual needs rather than dictating how you should approach security. If you can take advantage of a provider’s ability to be flexible with Layer 2 networking, for example, you’ll benefit from a compliance cost standpoint because it allows you to recoup your network and security architecture investment and limit your exposure to risk by minimizing technology changes and subsequent process change.
PAGE 4 Identity Management and Application Integration Adopting applications in the new world of the cloud isn’t just a matter of selecting the best applications to get the job done. Now you need to figure out how each application will integrate with your authentication (identity management) requirements. For example, requiring users to maintain multiple logins for multiple applications often negates the convenience factor of cloud access and injects new risks. From a human interaction standpoint, it erodes efficiency and security (who can remember all those logins and passwords without writing them down somewhere?). Instead, use identity management tools to rapidly provision and deprovision users while maintaining the convenience of simple logon processes. There are a variety of ways to achieve a secure hybrid cloud deployment. Methods for securing hybrid cloud deployments: » Use secure file sharing tools to allow data sharing while controlling compliance » Use identity management tools to rapidly provision and de-provision users » Implement single sign-on (SSO) to eliminate password proliferation and the associated risks » Utilize multi-factor authentication mechanisms as required » Integrate new applications with identity management systems » Drive higher levels of access control to data and databases As we tear down the walls protecting the perimeter of our enterprises and open new conduits to communication, collabo- ration, and mobility, most IT departments have moved security and data privacy to the top of their priority lists. And for good reasons: maintaining compliance, protecting reputations, and improving workforce productivity to name a few. Fortunately, security and cloud computing aren’t mutually exclusive. Secure cloud computing can be achieved with the proper tools, service providers, business associate agreements, and the deliberate integration of applications and enterprise-wide identity management systems. About Faction Faction is an enterprise-class IaaS cloud service provider offer- ing private, public, hybrid cloud solutions through channel partners. At Faction we supply cloud the way you want it with extreme performance, deep control, and broad customization capabilities. When you join the Faction fold, you take back the keys to your kingdom. Reign as supreme commander in chief of your cloud. No compromises. No exceptions. Faction is the only cloud that offers patented plug-and-play direct connections (via layer 2) into its cloud resulting in huge time savings (no time spent re-configuring everything)! With Type II SSAE 16 and SOC 1 2 compliant cloud nodes in eight geographies across the United States and in Europe (Seattle, Santa Clara, Denver, Chicago, Atlanta, New Jersey, New York, and the United Kingdom), Faction offers both Cisco UCS and Open Compute platforms, is a Platinum-level NetApp Service Provider, and is VMware vCloud® Powered. For more informa- tion, visit www.factioninc.com or call (855) 532-4734. RICKVINCENTDIRECTOR OF SOLUTIONS ENGINEERING About the Author As Director of Solution Engineering for Faction, Richard Vincent is responsible for architecting robust IAAS solutions, for channel partners and enterprises, enabling them to conduct business with compelling differentiation. Prior to joining Faction, Mr. Vincent served as a Storage Solution Executive at Dell, performed as an independent cloud consultant, and held the position of Director, Data Center Computing for Global Technology Resources, Inc GTRI. Mr. Vincent is a graduate of the University of Georgia, College of Business and is fluent in the Japenese language. www.cloudsmartz.com Copyright 2015 CloudSmartz, Inc. All Rights Reserved. All other logos and trademarks are the property of the respective trademark owners. 1-800-836-2050

More Related Content

PPTX
Cloud computing and its security issues
Jyoti Srivastava
 
PPTX
Cloud computing security & forensics (manu)
ClubHack
 
PPT
Cloud Computing Security Issues
Discover Cloud Computing
 
PDF
Cloud Security
Hi-Tech College
 
PDF
Privacy Issues In Cloud Computing
iosrjce
 
PDF
Cloud Security Strategy
Capgemini
 
PDF
Cloud Security POV_Final (by KM)
Khiro Mishra
 
PPT
Security issue in cloud by himanshu tiwari
bhanu krishna
 
Cloud computing and its security issues
Jyoti Srivastava
 
Cloud computing security & forensics (manu)
ClubHack
 
Cloud Computing Security Issues
Discover Cloud Computing
 
Cloud Security
Hi-Tech College
 
Privacy Issues In Cloud Computing
iosrjce
 
Cloud Security Strategy
Capgemini
 
Cloud Security POV_Final (by KM)
Khiro Mishra
 
Security issue in cloud by himanshu tiwari
bhanu krishna
 

What's hot (20)

PDF
Cloud computing security issues and challenges
Kresimir Popovic
 
PPTX
Cloud security (domain6 10)
Maganathin Veeraragaloo
 
PPT
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
PPTX
Cloud Computing Security Issues
Stelios Krasadakis
 
PDF
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Project
 
DOC
Cloud security
Mohamed Shalash
 
PDF
Cloud computing understanding security risk and management
Shamsundar Machale (CISSP, CEH)
 
PPTX
Cloud security and security architecture
Vladimir Jirasek
 
PDF
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Venkateswar Reddy Melachervu
 
PDF
Cloud security and adoption
Sudsanguan Ngamsuriyaroj
 
DOCX
Cloud Computing Security Issues in Infrastructure as a Service” report
Vivek Maurya
 
PDF
Cloud Computing: legal issues
ISPABelgium
 
PDF
Cloud Computing Risk Management (Multi Venue)
Brian K. Dickard
 
PPT
Cloud computing-security-issues
Aleem Mohammed
 
PPT
Security Issues of Cloud Computing
Falgun Rathod
 
PPTX
Authentication cloud
vidhya dharmarajan
 
PPTX
Cloud Security Issues 1.04.10
Rugby7277
 
PPTX
Security in cloud computing
Abhishek Kumar Sinha
 
PPTX
Cloud security (domain11 14)
Maganathin Veeraragaloo
 
PPTX
Cloud Computing Security
Nithin Raj
 
Cloud computing security issues and challenges
Kresimir Popovic
 
Cloud security (domain6 10)
Maganathin Veeraragaloo
 
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
Cloud Computing Security Issues
Stelios Krasadakis
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Project
 
Cloud security
Mohamed Shalash
 
Cloud computing understanding security risk and management
Shamsundar Machale (CISSP, CEH)
 
Cloud security and security architecture
Vladimir Jirasek
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Venkateswar Reddy Melachervu
 
Cloud security and adoption
Sudsanguan Ngamsuriyaroj
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Vivek Maurya
 
Cloud Computing: legal issues
ISPABelgium
 
Cloud Computing Risk Management (Multi Venue)
Brian K. Dickard
 
Cloud computing-security-issues
Aleem Mohammed
 
Security Issues of Cloud Computing
Falgun Rathod
 
Authentication cloud
vidhya dharmarajan
 
Cloud Security Issues 1.04.10
Rugby7277
 
Security in cloud computing
Abhishek Kumar Sinha
 
Cloud security (domain11 14)
Maganathin Veeraragaloo
 
Cloud Computing Security
Nithin Raj
 
Ad

Similar to Whitepaper: Security of the Cloud (20)

DOCX
Comparing public and private cloud
Karthika Narasiman
 
PDF
Epaper
AniaPaplaCardenal
 
PPTX
Cloud Security: A matter of trust?
Mark Williams
 
PDF
Strategies for assessing cloud security
Arun Gopinath
 
PDF
Strategies for assessing cloud security
IBM India Smarter Computing
 
PDF
Ast 0064255 strategies-for_assessing_cloud_security
Accenture
 
PPTX
Cloud Security By Dr. Anton Ravindran
GSTF
 
PDF
Data Privacy And Security Issues In Cloud Computing.pdf
Ciente
 
PDF
Secure Computing in Enterprise Cloud Environments
Shaun Thomas
 
PDF
How Secure Is Cloud
William Lam
 
PPT
Effectively and Securely Using the Cloud Computing Paradigm
fanc1985
 
PDF
Cloudsecurity
drewz lin
 
PPTX
Cloud Computing Unveiled: Challenges, Security Frameworks, and Best Practices
Boston Institute of Analytics
 
PDF
Are you ready for the private cloud? [WHITEPAPER]
KVH Co. Ltd.
 
PDF
May 2013 Federal Cloud Computing Summit Keynote by David Cearly
Tim Harvey
 
PDF
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
SafeNet
 
PPTX
Benefits Of Building Private Cloud
dinobusalachi
 
PDF
Cloud Perspectives - Ottawa Seminar - Oct 6
Scalar Decisions
 
PPT
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Bill Annibell
 
PPT
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
TT L
 
Comparing public and private cloud
Karthika Narasiman
 
Epaper
AniaPaplaCardenal
 
Cloud Security: A matter of trust?
Mark Williams
 
Strategies for assessing cloud security
Arun Gopinath
 
Strategies for assessing cloud security
IBM India Smarter Computing
 
Ast 0064255 strategies-for_assessing_cloud_security
Accenture
 
Cloud Security By Dr. Anton Ravindran
GSTF
 
Data Privacy And Security Issues In Cloud Computing.pdf
Ciente
 
Secure Computing in Enterprise Cloud Environments
Shaun Thomas
 
How Secure Is Cloud
William Lam
 
Effectively and Securely Using the Cloud Computing Paradigm
fanc1985
 
Cloudsecurity
drewz lin
 
Cloud Computing Unveiled: Challenges, Security Frameworks, and Best Practices
Boston Institute of Analytics
 
Are you ready for the private cloud? [WHITEPAPER]
KVH Co. Ltd.
 
May 2013 Federal Cloud Computing Summit Keynote by David Cearly
Tim Harvey
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
SafeNet
 
Benefits Of Building Private Cloud
dinobusalachi
 
Cloud Perspectives - Ottawa Seminar - Oct 6
Scalar Decisions
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Bill Annibell
 
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
TT L
 
Ad

More from CloudSmartz (16)

PDF
CIO APAC Magazing: Jumping the SDN/NFV Disillusion Curve
CloudSmartz
 
PDF
CIO APAC Magazing: A 360 View of SDN/NFV
CloudSmartz
 
PDF
CloudSmartz White Paper: Real Time IT
CloudSmartz
 
PDF
Cloudsmartz Case Study - FiberSuite for FiberTech
CloudSmartz
 
PDF
Cloudsmartz Case Study - Pacnet App Dev
CloudSmartz
 
PDF
CloudSmartz Case Study - Cloud/IaaS Services
CloudSmartz
 
PDF
Cloudsmartz Case Study: Managed Services
CloudSmartz
 
PDF
CloudSmartz Case Study: Development Services
CloudSmartz
 
PDF
CloudSmartz Digital CX Delivery Brochure
CloudSmartz
 
PDF
CloudSmartz SDxSuite Brochure
CloudSmartz
 
PDF
CloudSmartz SDxSuite Brochure
CloudSmartz
 
PDF
Software-Defined Networking & Network Function Virtualization
CloudSmartz
 
PPTX
Disaster Recovery & Business Resilience Trends - CloudSmartz | Smarter Transf...
CloudSmartz
 
PDF
[BROCHURE] Choosing the Right MSP to support All of Your Business Devices
CloudSmartz
 
PDF
CloudSmartz Layer 2 Direct Connect [Factsheet] | Smarter Transformation
CloudSmartz
 
PDF
CloudSmartz Disaster Recovery [Use Case] | Smarter Transformation
CloudSmartz
 
CIO APAC Magazing: Jumping the SDN/NFV Disillusion Curve
CloudSmartz
 
CIO APAC Magazing: A 360 View of SDN/NFV
CloudSmartz
 
CloudSmartz White Paper: Real Time IT
CloudSmartz
 
Cloudsmartz Case Study - FiberSuite for FiberTech
CloudSmartz
 
Cloudsmartz Case Study - Pacnet App Dev
CloudSmartz
 
CloudSmartz Case Study - Cloud/IaaS Services
CloudSmartz
 
Cloudsmartz Case Study: Managed Services
CloudSmartz
 
CloudSmartz Case Study: Development Services
CloudSmartz
 
CloudSmartz Digital CX Delivery Brochure
CloudSmartz
 
CloudSmartz SDxSuite Brochure
CloudSmartz
 
CloudSmartz SDxSuite Brochure
CloudSmartz
 
Software-Defined Networking & Network Function Virtualization
CloudSmartz
 
Disaster Recovery & Business Resilience Trends - CloudSmartz | Smarter Transf...
CloudSmartz
 
[BROCHURE] Choosing the Right MSP to support All of Your Business Devices
CloudSmartz
 
CloudSmartz Layer 2 Direct Connect [Factsheet] | Smarter Transformation
CloudSmartz
 
CloudSmartz Disaster Recovery [Use Case] | Smarter Transformation
CloudSmartz
 

Recently uploaded (20)

PDF
Types of control:Qualitative vs Quantitative
reshmaaslm06
 
PPTX
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
PPTX
DMT - Profile Brief About Business .pptx
AkhileshKumar724847
 
PPTX
ICG2025_ICG 6th steering committee 30-8-24.pptx
AtiarRahaman5
 
PDF
Dr. Enrique Segura Ense Group - A Self-Made Entrepreneur And Executive
Dr. Enrique Segura Ense Group
 
PPTX
CkgxkgxydkydyldylydlydyldlyddolydyoyyU2.pptx
DSAISUBRAHMANYAAASHR
 
PDF
20250805_A. Stotz All Weather Strategy - Performance review July 2025.pdf
FINNOMENAMarketing
 
PDF
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
PDF
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
thaoonguyenn2311
 
PDF
A Brief Introduction About Julia Allison
Julia Allison
 
PPT
340036916-American-Literature-Literary-Period-Overview.ppt
carinaherdiles611
 
PDF
MSPs in 10 Words - Created by US MSP Network
Mayur Gudka
 
PDF
Unit 1 Cost Accounting - Cost sheet
MANJU N
 
PDF
Hindu Circuler Economy - Model (Concept)
Avijit Kumar Roy
 
DOCX
Euro SEO Services 1st 3 General Updates.docx
AmirNazir49
 
PPTX
Probability Distribution, binomial distribution, poisson distribution
gayusakktivel
 
PDF
DOC-20250806-WA0002._20250806_112011_0000.pdf
dhanusriss08
 
PDF
Reconciliation AND MEMORANDUM RECONCILATION
MANJU N
 
PPTX
Dragon_Fruit_Cultivation_in Nepal ppt.pptx
UmeshTimilsina1
 
PDF
Ôn tập tiếng anh trong kinh doanh nâng cao
thaoonguyenn2311
 
Types of control:Qualitative vs Quantitative
reshmaaslm06
 
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
DMT - Profile Brief About Business .pptx
AkhileshKumar724847
 
ICG2025_ICG 6th steering committee 30-8-24.pptx
AtiarRahaman5
 
Dr. Enrique Segura Ense Group - A Self-Made Entrepreneur And Executive
Dr. Enrique Segura Ense Group
 
CkgxkgxydkydyldylydlydyldlyddolydyoyyU2.pptx
DSAISUBRAHMANYAAASHR
 
20250805_A. Stotz All Weather Strategy - Performance review July 2025.pdf
FINNOMENAMarketing
 
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
thaoonguyenn2311
 
A Brief Introduction About Julia Allison
Julia Allison
 
340036916-American-Literature-Literary-Period-Overview.ppt
carinaherdiles611
 
MSPs in 10 Words - Created by US MSP Network
Mayur Gudka
 
Unit 1 Cost Accounting - Cost sheet
MANJU N
 
Hindu Circuler Economy - Model (Concept)
Avijit Kumar Roy
 
Euro SEO Services 1st 3 General Updates.docx
AmirNazir49
 
Probability Distribution, binomial distribution, poisson distribution
gayusakktivel
 
DOC-20250806-WA0002._20250806_112011_0000.pdf
dhanusriss08
 
Reconciliation AND MEMORANDUM RECONCILATION
MANJU N
 
Dragon_Fruit_Cultivation_in Nepal ppt.pptx
UmeshTimilsina1
 
Ôn tập tiếng anh trong kinh doanh nâng cao
thaoonguyenn2311
 

Whitepaper: Security of the Cloud

  • 1. WHITE PAPER SECURITY OF THE CLOUD Enterprise IT is transitioning from the use of traditional on-premise data centers to hybrid cloud environments. As a result, we’re experiencing a paradigm shift in the way we must think about and manage enterprise security. From Four Walls to No Walls Until now, the conventional view on IT security has been that applications and data are safe because they’re physically housed within the confines of a company’s data center walls using company-owned equipment. So, it’s not surprising that many decision makers perceive greater risks as they trade physical assets for cloud-based solutions. Pre-cloud, data security focused on physical access and control, network security, and device threats. However, in the cloud world, OPEX infrastructure models are the norm. Corporate data constantly moves to/from company-owned equipment, to/from non-corporate devices, and it traverses both Layer 2 and Layer 3 network segments. IT personnel need to address encryption, authentication, and authorization (identity management) security strate- gies at the physical, data link, network, transport, session, presentation, and application layers. The majority of the security budget once went to protecting the perimeter of the enterprise. Now, because of compliance mandates and the nature of cloud computing, security must be woven into every functional area of the company— from each business unit’s infrastructure and line of business applications to externally sourced SaaS service agreements and identity management systems. Note that it’s important to consider the dynamics of security within the cloud whether you adopt cloud-based application delivery or not. CONSIDERTH E DY N A M I C S O F S E CU R IT Y WITH I N TH E C LO U D
  • 2. WHITE PAPER SECURITY OF THE CLOUD PAGE 2 Business-Critical Computing in the Cloud YOUR CHALLENGE: ADOPT CLOUD AND SECURE IT Cloud computing opens up new avenues of collaboration, cost management, and convenience. Now you have a more agile way to deliver business-critical information with business partners, consumers, and end-users. You can minimize operational expenses by leveraging pooled resources and paying for just what you need, as you need it. And you can support the convenient mobile data access your users demand. Business-critical computing on-premise » Over-buying to meet highest anticipated demand » Dedicated storage » Dedicated compute » Control: only the devices are mobile, not the apps » Security budget dedicated to protecting the perimeter and controlling access Business-critical computing in the cloud » Pooled resources, scale on-demand » Shared networking and compute in public clouds » Delivery via the Internet in public clouds » Security must be embedded within every layer and application when delivering via public infrastructure » Private hosted clouds can be leveraged to deliver cloud economics without re-architecture Cloud computing paves the way for IT advancements. But, without the proper cloud security mechanisms in place, your enterprise risks data leaks and security breaches. Cloud security fortifies IT efforts at every layer. The strength of that security depends upon the type of cloud you choose, the infrastructure supporting it, your service providers, and the identity management tools you use to collaborate with employees, partners, and consumers. Security in Public, Private and Hybrid Clouds Cloud computing can be divided into two general camps: public, in which the network, compute, and storage are multi-tenanted with little or no SLA on availability; and private, in which resources are dedicated, architected for high availability, and backed with SLA guarantees. When it comes to flexibility and economy, both types of cloud deliver with ease. When it comes to security, how- ever, private clouds can offer significant advantages over public. PUBLIC The public cloud can be a hostile environment. You will have limited or no visibility into the underlying infrastructure and security controls. Nor will you have control over who’s sharing your resources and the risks they could potentially introduce into the host system or data stores. Therefore, public clouds require a holistic approach to security: every component of the infrastructure must be secure and auditable in order to support business-critical computing and compliance. Tips when considering public cloud » Be wary of network QOS and DDOS mitigation. Your public cloud probably doesn’t manage this for you. » Be wary of noisy neighbor syndrome. Does your provider offer performance guarantees? » Ensure adequate data security and firewalling of your environment. » Ensure adequate authentication and security controls. Fortunately, tools are being developed to give IT administrators back some level of control over data in public clouds. Citrix, NetApp, and VMware each offer forms of cloud-level data management. Citrix ShareFile, for example, provides a hybrid approach to public clouds. Data can live wherever it’s needed but is always under the control of the ShareFile control plane. Data can’t be shared without permission, and data that’s managed remotely can be wiped clean no matter what device it’s on. EVERYLEVELC LO U D S E C U R IT Y F O R T I F I E S IT DATA A N D S E C U R IT Y AT
  • 3. PAG E 3 PRIVACY AND SECURIT Y ARE THE LINCHPINS OF BUSINESS - CRITICAL COMPUTING PRIVATE A private cloud is a virtualized datacenter within the cloud. Think of it as relocating your data center to an offsite location: you have dedicated compute, network, and storage resources that you manage as your own, just like you did on-premise. In this way, you can leverage the economics of the cloud without reworking business processes and applications to accommodate the rigorous security demands of public clouds. In the case of Faction’s private hosted cloud, you can ‘come as you are’ and bring your own security (BYOS) or network (BYON) thanks in part to our Cloud’s Faction-to-Faction Layer 2 Direct Connect service. Private clouds are especially advantageous to shops with tight regulatory requirements or limited resources. Tips when considering private cloud » Make sure your cloud provider lets you bring your own security capabilities. Don’t settle for your provider’s options; use yours. You’ve tested it. You use it. You trust it. » Ask your provider about their private networking and vLAN capabilities. Ideally you want Layer 2 connections to/from your customer premise, data centers and from cloud to cloud. With Layer 2 you maintain network isolation and reduce complexities. At Faction, for example, customers can bring their network to our Cloud as-is. We eliminate the need to provision and manage complex firewalls, routers, and Spanning Tree Protocol [STP]. HYBRID In some cases, the best methodology will command the resources of both private and public clouds. This hybrid approach supports the shift from traditional, singlesystem to multi-tiered application deployment. It also increases the available resources for test and development, business continuity, and managing resource demand spikes. To support data privacy and prevent leaks, all data moving between private and public clouds must be encrypted, and access to it must be tied to user identities. Tips when considering hybrid cloud » Ensure your cloud provider offers flexible usage of their storage and compute resources. In other words, if all you need is storage, does your cloud provider allow you to just buy storage? » Determine whether your cloud provider gives you the ability to leverage existing tools, such as VMware APIs. » Make sure your cloud provider allows you the ability to provision and leverage your existing vLAN topology. With Layer 2 private connectivity, you can use the same connection to access both public and private resources while maintaining network separation between public and private environments. Fortunately, tools are being developed to give IT administrators back some level of control over data in public clouds. Citrix, NetApp, and VMware each offer forms of cloud-level data management. Citrix ShareFile, for example, provides a hybrid approach to public clouds. Data can live wherever it’s needed but is always under the control of the ShareFile control plane. Data can’t be shared without permission, and data that’s managed remotely can be wiped clean no matter what device it’s on. Compliance and the Cloud Service Provider Whichever type of cloud strategy you choose—public, private or a combination of both—your cloud provider will play a key role in its success. You’ll have many factors to consider in selecting your provider, but for the purposes of this paper, we’ll focus on compliance, since customer privacy and data security are the linchpins of business-critical computing for many industries. (For more insight into the many factors to consider, read our whitepaper, Tips for Selecting Your Cloud Service Provider.) To make sure the service provider can live up to the promises they’re making, ask for the results of a third-party compliance audit. Look for audit capabilities like SSAE-16 SOC 1/2 and the ability to ink HIPAA Business Associate Agreements (BAA). Many agreements are multi-layered these days, so a key differentiator among cloud providers is their ability and willingness to work with consulting firms and other business entities to execute on these agreements. Keep in mind that certifications are often only a stepping stone to actual audit performance. Be sure the provider has the personnel to support your audits and is willing to adapt to your individual needs rather than dictating how you should approach security. If you can take advantage of a provider’s ability to be flexible with Layer 2 networking, for example, you’ll benefit from a compliance cost standpoint because it allows you to recoup your network and security architecture investment and limit your exposure to risk by minimizing technology changes and subsequent process change.
  • 4. PAGE 4 Identity Management and Application Integration Adopting applications in the new world of the cloud isn’t just a matter of selecting the best applications to get the job done. Now you need to figure out how each application will integrate with your authentication (identity management) requirements. For example, requiring users to maintain multiple logins for multiple applications often negates the convenience factor of cloud access and injects new risks. From a human interaction standpoint, it erodes efficiency and security (who can remember all those logins and passwords without writing them down somewhere?). Instead, use identity management tools to rapidly provision and deprovision users while maintaining the convenience of simple logon processes. There are a variety of ways to achieve a secure hybrid cloud deployment. Methods for securing hybrid cloud deployments: » Use secure file sharing tools to allow data sharing while controlling compliance » Use identity management tools to rapidly provision and de-provision users » Implement single sign-on (SSO) to eliminate password proliferation and the associated risks » Utilize multi-factor authentication mechanisms as required » Integrate new applications with identity management systems » Drive higher levels of access control to data and databases As we tear down the walls protecting the perimeter of our enterprises and open new conduits to communication, collabo- ration, and mobility, most IT departments have moved security and data privacy to the top of their priority lists. And for good reasons: maintaining compliance, protecting reputations, and improving workforce productivity to name a few. Fortunately, security and cloud computing aren’t mutually exclusive. Secure cloud computing can be achieved with the proper tools, service providers, business associate agreements, and the deliberate integration of applications and enterprise-wide identity management systems. About Faction Faction is an enterprise-class IaaS cloud service provider offer- ing private, public, hybrid cloud solutions through channel partners. At Faction we supply cloud the way you want it with extreme performance, deep control, and broad customization capabilities. When you join the Faction fold, you take back the keys to your kingdom. Reign as supreme commander in chief of your cloud. No compromises. No exceptions. Faction is the only cloud that offers patented plug-and-play direct connections (via layer 2) into its cloud resulting in huge time savings (no time spent re-configuring everything)! With Type II SSAE 16 and SOC 1 2 compliant cloud nodes in eight geographies across the United States and in Europe (Seattle, Santa Clara, Denver, Chicago, Atlanta, New Jersey, New York, and the United Kingdom), Faction offers both Cisco UCS and Open Compute platforms, is a Platinum-level NetApp Service Provider, and is VMware vCloud® Powered. For more informa- tion, visit www.factioninc.com or call (855) 532-4734. RICKVINCENTDIRECTOR OF SOLUTIONS ENGINEERING About the Author As Director of Solution Engineering for Faction, Richard Vincent is responsible for architecting robust IAAS solutions, for channel partners and enterprises, enabling them to conduct business with compelling differentiation. Prior to joining Faction, Mr. Vincent served as a Storage Solution Executive at Dell, performed as an independent cloud consultant, and held the position of Director, Data Center Computing for Global Technology Resources, Inc GTRI. Mr. Vincent is a graduate of the University of Georgia, College of Business and is fluent in the Japenese language. www.cloudsmartz.com Copyright 2015 CloudSmartz, Inc. All Rights Reserved. All other logos and trademarks are the property of the respective trademark owners. 1-800-836-2050