Limitless scalability, unparalleled flexibility and speed are making cloud computing a viable option for enterprises. Whether IT departments like it or not, business units are increasingly moving data and workloads out of the data center and onto public cloud infrastructure.
However, while ‘shadow IT’ may seem like a great idea to users, a lack of control and inherent security issues present IT departments with a big problem – how to safely and securely move sensitive workloads to the cloud while avoiding the challenges caused by other tenants and malicious threats.
Don’t worry – there are ways to deal with this seemingly intractable challenge. Enterprises can take control over their security postures in the public cloud without huge performance and complexity trade-offs. Here are four ways to ensure your workloads are secure in the cloud.
Think your data is secure because it’s in your data center? Think again. High-profile breaches at Target and others have shown that physical control over data doesn’t mean it is secure. The key is to encrypt everything…and we mean everything. Broaden encryption policies to ensure entire workloads are encrypted in the cloud so that all your data is completely opaque to underlying providers and other tenants. This includes encrypting all virtual machines or container instances as well as attached storage—root volumes, data volumes and server-based instance storage. Encrypting everything provides a new boundary that secures enterprise assets wherever they are.
2. Ensure Full Visibility through Authentication
Encryption creates opacity to the outside world, but the next step is to implement authentication for full visibility. Executed well, this powerful security measure allows you to identify, authorize, verify and track every user, every resource and every access request to any application or data. It is even possible to extend authentication beyond the user and ensure that workloads only launch after pre-boot authentication to prevent any backdoor, unauthorized access.
3. Extend Existing Policies and Maintain Full Control
IT security has spent years and millions of dollars investing in corporate security policies and systems to protect enterprise applications and data. Moving workloads to the public cloud should not mean they have to leave those policies behind or improvise a solution. Take back control by creating and enforcing security policies consistently across multiple cloud environments. Make sure you get audit trails and reports for user and system activity so you can detect, prevent and mitigate the impact of any security-related incidents. Insist on maintaining ownership of trust anchors – such as key appliances, directory services and certificate authorities. In this way you can apply your best practices – for example, regularly rotating keys and re-keying data on storage volumes. This ensures that security is rooted in trust anchors that are always under your absolute and authoritative control.
4. Make Security Consistent, Transparent and Operationally Simple
Having identified the key pieces of your cloud security infrastructure, one hurdle remains. Too many security approaches – whether agents or appliances – add performance and complexity trade-offs to the mix. The final key to effective cloud security is to use solutions that integrate security into the infrastructure. Security needs to be transparent to applications and applied consistently across computing environments – whether workloads are run in the data center, in a private cloud or on public cloud infrastructure.
With everything that the cloud has to offer – limitless capacity, on-demand flexibility and speedy deployment – enterprises have to find a way to make it work for them. Encrypting all workloads, implementing authentication, maintaining ownership of security policies and ensuring security is transparent to applications gives enterprises the ability to confidently leverage the public cloud while still providing the visibility and control they need. Let’s get to work!
Wei Lien Dang, Senior Product Manager, Bracket Computing.