With the New Year having rolled in, you’ve probably had your fill of “This is the year of (pick your technology, fill in the blank)” predictions. After all, for how many years now have we heard, “This is the year for cloud computing?” While there’s no doubt that the wave of cloud computing continues to swell, real-world IT organizations are clearly not as quick to jump aboard as the prognosticators suggest. That’s because there are a lot of unknown aspects of the cloud, and security is chief among them.
Deployment of cloud applications is daunting when you consider the risks of having applications, infrastructure, IP and private information in the cloud. While we’re still learning how to harness the powers of the cloud, there are several things we know right off the bat: we must secure cloud servers, including our applications and data; and we must have cloud security that is simple, manageable and scalable – ensuring that our cloud security is as elastic as the infrastructure it protects.
You Can’t Secure What Can’t Be Managed
Traditional, on-premises security fails to cover the cloud, and there’s a huge gap between what the big security vendors market and what they actually deliver. Nearly every facet of modern security was designed to manage security from inside the perimeter, yet when you consider security in the cloud there is no perimeter to defend. Our modern security is designed to protect a legacy infrastructure – one where we have a physical corporate border, with all of our infrastructure and applications safely secured therein. The cloud, however, is inherently outside that secure border, and the perimeter thus shrinks to the individual cloud server. What’s more, once enterprises place applications and data in the perimeter-less cloud, the security game changes.
Today the cloud is eroding the mega-perimeter, and that’s left the enterprise with a real predicament: how can the business benefit from the cloud without putting itself at risk? When it comes to cloud security, elasticity and efficiency of management are as important as security itself. The cloud is infinitely and immediately scalable, and when the perimeter shrinks down to the individual cloud server, it multiplies. Now enterprises aren’t just managing one perimeter, they’re managing potentially thousands of perimeters. In the blink of an eye an enterprise can scale from one server to one hundred and one.
In today’s world of automated infrastructure, if security is manual it won’t be sustainable. Generally speaking, security that’s cumbersome and complex is security that goes unused. Thus, if cloud security management is not automated, controls are discarded, mistakes are made, and servers and infrastructure are left vulnerable.
Access Is Needed in the Cloud…But Not Without Risk
With cloud computing, IT administrators can’t just walk down the hall to the servers – they’re remote, after all. Organizations need a means of connecting to their remote servers that is both easy and secure. That’s easier said than done. Many cloud server administrators today leave server firewall ports open (e.g., SSH or RDP) so they can connect to and manage their cloud servers. They’ve done so for years in their own on-premises data centers, where every server is behind the corporate perimeter and firewall. When an administrator leaves SSH ports open on an on-premises server, there is no great risk. It’s like leaving your car unlocked in your locked garage – you have a perimeter around the car, maybe even an alarm system on the house, and – barring teenagers – you trust the people in your house not to steal your car. When that same server is moved to the cloud, however, it’s now outside that corporate perimeter and firewall, and keeping those ports open introduces substantial risk. That’s because open ports on a cloud server leave it exposed to anyone – including hackers – who can gain control simply by guessing (or brute forcing) the administrator credentials. This is akin to leaving your car unlocked in a public parking lot.
According to a recent report by the Ponemon Institute titled Managing Firewall Risks in the Cloud, 54% of IT personnel say they have no knowledge of the risk of open firewall ports on cloud servers. Enterprises admit they just don’t yet fully understand the dynamics of cloud infrastructure and its risks, partly because they’re merely applying the security methodologies they know from the traditional enterprise, and partly because there really isn’t a robust security toolset available from today’s cloud providers. In fact, the cloud has grown so quickly that what’s available from service providers is often limited, complex and manually operated, and is isolated to each provider’s cloud.
Who Takes Responsibility for Cloud Security?
According to the Ponemon Institute study on cloud security, 39% of IT security personnel said their cloud provider would inform them if their cloud servers were hacked. These respondents are likened to “wishful thinkers.” Perhaps even more concerning, 42% said they would NOT know if their cloud server was hacked, and of those who would know, 19% said they already have been attacked. Clearly there’s a big gap in cloud security and a misconception of who is responsible for it, and this issue is the top inhibitor to customer adoption. It all adds up to one thing: service providers need to offer more security to their customers. By offering security services (i.e., those that the customer can opt into, deploy, and self-manage), providers will address the security issue head-on without eating into their margin or taking on the responsibility themselves. In fact, by making services such as encryption, firewalling, and identity management available as a premium add-on, providers will increase their margins, differentiate their services, and accelerate cloud adoption.
The Firewall Remains the First Line of Defense
Many understand that one of the most important security requirements, and the first line of defense, is the firewall. In fact, according to the Ponemon report referenced earlier, 73% of IT personnel believe the cloud server firewall is the first place to start when securing the cloud server. Every cloud server has a firewall built in, but it’s often unusable because of the complexity required to manage it. Administrators lack experience managing iptables, or don’t want to have to deploy and manage redundant firewalls. Another option is to deploy dedicated gateway firewalls in the cloud, an approach that is antithetical to the cloud’s elastic model. As it turns out, however, the cloud server firewall is – bar none – the best place to stop attacks and prevent exploits of OS and application vulnerabilities. Every cloud server has one. The challenge is: How do you manage the cloud server firewall efficiently? The answer: automated cloud server firewall management. This type of service enables cloud users to manage firewalls across all servers and clouds – from Windows to Linux, and from the private to the public cloud. In doing so, customers get security and manageability, while hosting providers address customers’ security issues directly. Firewall management services allow you to set policies simultaneously for multiple servers, enable on-demand secure access, and close ports otherwise left open and vulnerable to hackers.
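The two practical points above (management ports such as SSH and RDP left open to the whole Internet, and host firewall policy that has to be checked and set across many servers at once) can be made concrete with a small audit script. The following is an added example, not code from the original post or from any firewall-management product: it parses iptables-save style rule dumps from several servers, flags any INPUT chain whose default policy is not DROP or that accepts tcp/22 or tcp/3389 from any source, and generates a hardened replacement policy that admits those ports only from an administrative network. The server names, rule dumps and the admin range 203.0.113.0/24 are constructed for illustration.

```python
"""Audit host-firewall rule dumps for management ports open to the world,
and emit a hardened per-server policy (added example, not from the post).

Input format is iptables-save; the three server dumps below and the admin
network 203.0.113.0/24 are constructed values for the demonstration.
"""
import shlex

MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}          # ports the post calls out
ANY_SOURCE = {"0.0.0.0/0", "0/0", "0.0.0.0"}         # "from anywhere" spellings

# Constructed rule dumps from three hypothetical cloud servers.
SERVER_DUMPS = {
    "web-01": """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
""",
    "db-01": """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp --dport 22 -j ACCEPT
COMMIT
""",
    "win-01": """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 0.0.0.0/0 -p tcp --dport 3389 -j ACCEPT
COMMIT
""",
}


def parse_input_rules(dump):
    """Return (default_policy, rules) for the INPUT chain of one dump.

    Each rule is a dict with source, proto, dport and target; a rule with
    no -s option matches every source, so it defaults to 0.0.0.0/0.
    """
    policy, rules = None, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT"):
            toks = shlex.split(line)
            rule = {"source": "0.0.0.0/0", "proto": None, "dport": None, "target": None}
            i = 0
            while i < len(toks):
                tok = toks[i]
                if tok == "-s":
                    rule["source"] = toks[i + 1]; i += 2
                elif tok == "-p":
                    rule["proto"] = toks[i + 1]; i += 2
                elif tok == "--dport":
                    rule["dport"] = int(toks[i + 1]); i += 2
                elif tok == "-j":
                    rule["target"] = toks[i + 1]; i += 2
                else:
                    i += 1                      # -m, --state, -i, ... are not needed here
            rules.append(rule)
    return policy, rules


def audit(server, dump):
    """Return human-readable findings for one server's INPUT chain."""
    findings = []
    policy, rules = parse_input_rules(dump)
    if policy != "DROP":
        findings.append(f"{server}: INPUT default policy is {policy}, not DROP")
    for r in rules:
        if (r["target"] == "ACCEPT" and r["dport"] in MANAGEMENT_PORTS
                and r["source"] in ANY_SOURCE):
            findings.append(f"{server}: {MANAGEMENT_PORTS[r['dport']]} "
                            f"(tcp/{r['dport']}) accepted from any source")
    return findings


def audit_fleet(dumps):
    """Run the audit over every server; one policy check for the whole fleet."""
    findings = []
    for server, dump in dumps.items():
        findings.extend(audit(server, dump))
    return findings


def hardened_policy(admin_cidr, mgmt_ports, public_ports=()):
    """Build a default-deny INPUT policy: public service ports stay open to
    all, management ports are reachable only from admin_cidr."""
    lines = ["*filter", ":INPUT DROP [0:0]",
             "-A INPUT -i lo -j ACCEPT",
             "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    lines += [f"-A INPUT -p tcp --dport {p} -j ACCEPT" for p in public_ports]
    lines += [f"-A INPUT -s {admin_cidr} -p tcp --dport {p} -j ACCEPT" for p in mgmt_ports]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for finding in audit_fleet(SERVER_DUMPS):
        print("FINDING:", finding)
    print("\nHardened policy for web-01:\n" + hardened_policy("203.0.113.0/24", (22,), (80,)))
```

On a real host the dump would come from `iptables-save` instead of the embedded strings; the same audit logic applies unchanged, and running it over every server's dump is what turns a per-server firewall into something that can be checked as one policy. The hardened output is the pattern the post argues for: default-deny, service ports open only where the application needs them, and SSH or RDP restricted to the administrative network rather than left open to anyone who can guess a credential.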