Alastair Hartrup's article on Cloud Security gets picked up by DataCenter Dynamics.
Fifty-two years after the release of the very popular Rolling Stones song, the words “get off of my cloud” are taking on a completely new meaning. While Mick Jagger might have been pleading for some peace and quiet, today’s pleading is for unauthorised hackers to stay away from confidential and proprietary information stored in a very publicly accessible place.
This brings up an important point. Why would a company place the information that is the heart of its business in the hands of a stranger in a strange land? On the surface, that sounds ludicrous. However, there are good reasons that companies are moving their IT infrastructure to the cloud.
I says, Hey! You! Get off of my cloud
Source: The Rolling Stones, Decca
The capital and operational expenditure of an in-house IT system is a very large investment. When companies decide where to place their scarce investment money, it is becoming increasingly popular to place those funds in line-of-business investments that will provide profits rather than in support infrastructure.
This is particularly relevant for small and medium-sized businesses. However, even for larger businesses, the trend is to focus the IT staff on special high-value projects rather than day-to-day infrastructure and operations. Relying on cloud infrastructure also simplifies growth and technology upgrades. Thus, we see the continued growth of cloud computing.
Along with the rapid growth of cloud-based infrastructures comes double-digit growth of cloud infrastructure monitoring. Continuous monitoring is important for a variety of reasons, including basic network traffic analysis and resource planning and receiving alarms of outages, bottlenecks or unanticipated heavy traffic periods. Monitoring, of course, is also a critical initial component for network security and protection against crippling malware.
According to a Ponemon Institute report, the Global Cloud Data Security Study, companies are not doing a very good job of securing the confidential information stored in the cloud. Respondents included IT professionals from around the world. Over half believed that their companies did not employ a proactive approach to compliance with privacy and data security regulations in a cloud environment. Most of the respondents (56 percent) also believed that their companies were not as careful with private customer information stored in the cloud.
Some general recommendations noted in the report are for companies to make broader use of encryption when data is stored in the cloud. Further, comprehensive policies should be developed that govern what information should and should not be stored in the cloud. Finally, continuous monitoring and security measures should be implemented by the company and the cloud service provider.
Cloud providers are offering enterprise monitoring services in IaaS environments with the goal of giving the client company more management control. EarthLink, for example, offers a server monitoring and management service as well as a network monitoring and management service for cloud customers.
Comprehensive monitoring services require access to, and visibility into, data flows in a network. In order to establish a monitoring program that includes network analysis, application performance and acceleration, intrusion prevention, data loss protection, encryption/decryption offloading and other specialized services, numerous appliances may be required. Packet Brokers give access to the network traffic and help enterprise networks and cloud service providers manage the panoply of appliances that are required for robust monitoring.
Packet Brokers provide the physical access ports required to connect monitoring appliances, but that is only the beginning. Intelligent features like filtering and port mapping ensure that the right information is sent to the right appliance. Access ports are protected from unauthorized access, and fail-over features help maintain network operation when appliances lose power or are out of service.
Packet Brokers also allow safe removal of redundant data. Not all traffic that flows through a Network Packet Broker is useful; some data may be duplicated. To save time and processing power, duplicate packets and other redundant data can be removed before reaching monitoring and security tools. During this process it’s imperative that relevant original data isn’t accidentally dropped. Additionally, having a network TAP working alongside your Packet Broker provides the first layer of network visibility.
So in 2017, The Rolling Stones might now be singing, “Hey! You! Get on my cloud”, but only if they have good access traffic control implemented, as well as good security.