Why Cloud Security Beats Your Data Center
When it comes to IT security, cloud computing has established a fairly bad reputation -- and perhaps rightly so. Moving beyond traditional perimeter security into public, private, and hybrid cloud architectures stretches the capabilities of traditional security tools. It creates new security holes and blind spots that were not there previously. But cloud security is looking brighter by the day, and very soon cloud security tools will outmatch any type of non-cloud parameter security architecture.
In many ways, cloud security is gaining in strength based on a seemingly inherent weakness. Cloud service providers are in a unique position to absorb vast amounts of data. Because large clouds are geographically dispersed in data centers around the globe, they can pull in all kinds of security intelligence as data flows in and out of the cloud. This intelligence can then be used to track security threats and stop them far more quickly.
When enterprises finally embrace the idea of cloud computing, it doesn't become simply an extension of the traditional enterprise network. It becomes the central focus. End-users access the cloud through any number of different entry points, such as private WANs or the public Internet. Because the cloud is a centralized point of entry for customers, it becomes the ideal location for securing client/server communications as well as a single point of management for encryption keys.
Finally, as cloud computing evolves alongside software-defined technologies, it allows for end-to-end visibility from a security protection standpoint. Never before have IT security administrators had the ability to create software overlays, which virtually flatten networks so that security postures can be streamlined and easier to manage.
For years, cloud computing progressed at a faster rate than cloud securitycould protect it. Starting in 2015 and beyond, that gap looks to be closing. Here, we present several cloud security tools and architectures that we believe will become mainstream for enterprises that leverage cloud computing services. If you continue to be concerned with protection of sensitive data in the cloud, you have a new perspective on cloud security after considering these options.
Big Data Threat Intelligence
Public clouds are well positioned to be turned into data-security aggregators. The ability to pull in Internet data, such as website requests and email samples, can be run through big data security-intelligence systems to discover malware and network intrusion attempts around the globe. The faster we can leverage the cloud to pinpoint threats and accurately assess their scope, the faster we can make changes to our infrastructure to protect against those threats.
Encryption Certificate And Key Management
Encryption is an increasingly important part of any enterprise environment that moves data beyond traditional security borders. One major encryption problem for IT is certificate and key management. Security companies such as Venafi, which was recently backed by Intel in a $39 million round of funding, offer a complete certificate and key management system to enterprises seeking to encrypt all cloud traffic. This process includes not only keeping track of keys and certificate expiration dates, but also system-level scanning to identify lost or forgotten keys/certificates all the way out and into the cloud.
Self-Healing, Retroactive Malware Protection
Thanks to big data security aggregators in the cloud, we not only have a better chance at stopping malware before it infiltrates an enterprise, we also have a better shot at repairing malware damage after the fact. Data regarding all network modifications across corporate and cloud networks will be collected and organized. When malware breaches are discovered, this information can be used to identify and retroactively revert any file adds or changes that malware made on a system.
Baked-In Security
With an Internet of Things (IoT) revolution close at hand, cloud and IT security vendors are challenged with the task of figuring out how to secure billions of IoT devices. Because IoT endpoints and sensors will communicate directly with the cloud, it only makes sense to bake in tight security that allows IoT devices to only communicate to the cloud -- and be automatically updated with new security policies without human intervention.
End-To-End Visibility
Thanks to cloud software-defined network (SDN) advancements, blind spots that have been the bane of cloud security will soon be a thing of the past. SDN can overlay the complexity of cloud networks to create a virtual network that is far easier to manage. By doing so, it allows IT admins to see across the entire network and control data flows and security policies as they see fit. Ultimately, we're talking about improved security posture, accelerated incident response, and an enhanced understanding of where enterprise data actually is (and who's accessing it) while it resides in the cloud.
DDoS Shock Absorber
While distributed denial of service (DDoS) attacks have been around for decades, their sophistication and impact are on the rise. Traditional enterprise architectures cannot protect themselves from large-scale DDoS attacks using on-premises equipment, simply because the DDoS will fill up the network connection much faster than can be mitigated. The key to DDoS protection is to stop the attack before it zeros in on your enterprise's doorstep. Cloud service providers such as Akamai and CloudFlare leverage their massive cloud presence to absorb the impact (much as a shock absorber does) as it passes through their cloud data centers. The result is that the DDoS attack is stopped before it ever reaches your network edge.
Conclusion
Cloud-focused security tools are shaping up quite nicely in 2015. As organizations continue to focus on cyber-security threats, the cloud will likely become a key source for protecting your enterprise from external threats. We'd like to hear your thoughts on cloud security and the impact you feel it will have on the enterprise. Please share your feedback in the comments section below.