Welcome!

SDN Journal Authors: Liz McMillan, Yeshim Deniz, Elizabeth White, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

Security and Availability Techniques for Cloud-Based Applications

High-quality experiences are not only expected but also increasing as consumer experiences penetrate the enterprise

Enterprise organizations are bombarded daily with the myriad reasons to deploy their line of business applications in the cloud. Efficiency, flexibility, cost savings, agility - and the list goes on and on - are just some of the benefits exhorted by cloud computing supporters. And industry analyst firms such as Gartner believe these various benefits will help drive spending on cloud services to $210 billion in 2016 [1].

By all accounts, the future of cloud computing is anything by cloudy. Unfortunately, that assessment doesn't paint a complete picture of everything impacting cloud adoption at the enterprise level. High-profile outages at several different cloud providers have led some to question whether or not the cloud is reliable enough to trust to "important" applications. The typical argument goes something like this: "The Internet is great, but it wasn't really designed for business use. I need to be really careful about what kinds of applications I put in the public cloud. In other words, it's okay if email is out for a couple of hours, but we certainly couldn't endure extended downtime if our supplier portal was inaccessible."

It's not just reliability and availability that have some IT managers questioning whether or not the cloud is right for them. Most enterprises have spent significant time, effort and budget developing and implementing information security strategies designed to protect their applications from a whole host of threats - from distributed denial of service attacks to attempts targeted at the application layer intended to facilitate data exfiltration or cause other malicious results. Today's datacenters can sometimes resemble digital fortresses, and the belief that it may be near impossible to replicate these enterprise defenses in the cloud has some organizations believing cloud computing just isn't right for them. Really, what cloud provider is going to let a customer deploy their equipment, their custom configurations, their anything in the public cloud provider's environment? It's just not going to happen.

Does that mean that the promise of cloud only applies to consumers looking for a place to store digital copies of their favorite albums and movies, vacation snapshots and the latest Dan Brown thriller? Are enterprises only going to trust the cloud for developer sandboxes and less than business-critical applications? The answer to both these questions is a resounding no. Many studies show that public cloud adoption is on the rise and the types of workloads moving to the cloud are expanding to all parts of the organization. Finding solutions that can overcome the security and availability concerns in public cloud environments (because security and availability ultimately go hand in hand) is of paramount concern.

A Fortress in the Cloud
All public cloud providers - IaaS, PaaS, SaaS, whichever permutation you choose - have their own perimeter defenses in place designed to protect their and their customers' cloud assets. Just like any enterprise, cloud providers have spent considerable time and effort developing, deploying, maintaining, and modifying when necessary, their security postures. Offering the most secure and highly available cloud platforms possible is fundamental to the long-term success of these providers. The only problem? These security measures aren't yours. And, according to a recent survey by IDG Enterprise, security policy enforcement is a top concern of organizations using cloud services, with 59 percent of respondents indicating uncertainty in this area [2]. Similarly, 56 percent of respondents to the same survey reported that the ability of cloud providers to meet organizational compliance requirements was required before fully embracing the cloud [3]. Even further, the availability options in public cloud environments are localized and at best contained within that cloud provider.

Where does that leave enterprise IT managers who want to put the cloud to work for their business without raising the ire of their colleagues in InfoSec while also ensuring that no catastrophic event can leave their applications unresponsive? If we stay with the fortress metaphor, the easy answer is to build a digital moat around whichever cloud service they're using to add an extra layer of protection for the applications and assets that have been hosted in the cloud as well as real-time intelligence to detect and react against deteriorating response times or worse, no response to user requests

Using a Cloud Service to Protect and Improve the Cloud
The ability to deploy cloud-based security and availability services to protect cloud-based assets gives today's enterprises an innovative approach to helping address the perceived limitations of the cloud providers' traditional perimeter and internal solutions. Adding a globally distributed layer of defense, which is instantaneously scalable and able to detect problems in real-time, can help deliver a level of protection that is orders of magnitude greater than any centralized defense.

In addition, cloud security and availability solutions offer unprecedented flexibility across a broad set of protective capabilities as well as load balancing capabilities that can be combined with failover logic in a powerful way. This allows companies who are leveraging multiple cloud environments to leverage standardized, just-in-time defenses that help them adapt to rapidly changing risks and conditions both in front of and within their cloud environments. These services help IT managers set up systems that automatically react to and protect against unforeseen new threats, while also ensuring responses to end users during unexpected downtime. As important, these defenses follow all of the application owner's established security processes, procedures and configurations no matter where the application moves to ensure utmost availability.

Even as the industry is recognizing that the conventional "defend the fort" mentality is no longer proving sufficient for a traditional enterprise, it is even less so for the cloud. Instead, to mitigate today's pervasive and evolving threats, enterprises that have moved to the cloud (or are thinking of it) need to embrace the distributed nature of the Internet to use its scale and flexibility to their advantage when implementing a defense and ensuring uptime.

Doing so, especially when one takes into consideration the security and availability measures undertaken by the cloud provider, helps to create overlapping layers of security and redundancy that employ a diverse set of tactics to protect against threats and downtime. Cloud-based security and availability provides a critical layer within this approach, helping to overcome limitations inherent in more rigid, traditional perimeter defense solutions. As with the cloud computing services they can be used to protect, cloud-based security and availability solutions offer cost-effective, on-demand capabilities that reduce IT planning and maintenance overhead.

Not all cloud security and availability services are created equal, however. In order use the unique strengths of the cloud to their advantage, IT managers must seek out cloud security and availability solutions that leverage a highly distributed, multi-network platform - one that can deliver massive scale at the edges of the Internet, be 100 percent available, protect cloud assets and applications by deflecting attacks closer to their source and react in real time to changing conditions in cloud environments. Offerings built on this type of architecture help organizations combat today's Internet threats and availability challenges through capabilities such as:

  • Extensive Scalability. Only a large, highly distributed architecture can withstand and deflect attacks of the magnitude being observed today. The key is using a service that can scale instantaneously and on demand.
  • Flexibility and Adaptability. By offering the ability to provision a variety of capabilities quickly and easily, without requiring changes to core infrastructure, cloud-based security and availability solutions are designed to enable effective defenses that are adapted to each unique attack or availability problems. Enterprises can employ new business logic, use targeted capabilities, and turn strategies on and off as warranted to best counteract the specific attack while maintaining availability for legitimate users - all without having to involve the cloud hosting provider.
  • Cost Efficiency. Cloud security services help enable organizations to overcome the costly problem of "guessing right" in their defense and capacity planning. Capabilities and resources are cost-effectively provisioned on-demand, as needed, with a goal of ensuring that businesses have exactly the right amount provisioned at all times.
  • Superior Redundancy. Unlike centralized architectures, a defense layer that spans multiple points of presence is structured to offer unmatched, built-in reliability and redundancy against the Internet's many potential threats and failures.
  • Cloud Load Balancing. Real-time capabilities that allow users to weight load across multiple sources, create sophisticated failover rules across cloud locations or providers
  • Improved Performance. Traditional defense systems typically sacrifice performance for security, but a highly distributed platform boosts response times instead by handling requests at the edge of the Internet and counteracting attacks at their source.
  • Holistic Integration. A successful security strategy requires overlapping security layers that work in concert. Cloud security and availability services should work in tandem with those of the cloud provider to deliver additional robustness for the existing security architecture.

Conclusion
The enterprise move to the cloud is taking place in concert with a marked increase in the size and sophistication of Internet threats. As attacks continue to multiply, businesses need to be more vigilant than ever in protecting their digital infrastructure and assets. Effective security for cloud-based assets requires a security strategy that can effectively augment the traditional, centralized protections offered by the cloud provider with a primary cloud-based outer ring of defense to provide the scalability and flexibility that the current caliber of threats demands.

High-quality experiences, whether that means fast response time or highly dynamic and collaborative applications, are not only expected but also increasing as consumer experiences penetrate the enterprise. Companies must meet those demands while not compromising the overall experience. Cloud-based security and availability services can offer clear advantages in terms of scalability, flexibility, capacity planning, and cost. In this brave new world, the Internet cloud is the enterprise perimeter, and robust security and availability for cloud assets requires embracing the cloud even further.

Distributed denial-of-service attacks are but one example of the myriad threats organizations face today, but they highlight the limitations of conventional, centralized perimeter defense solutions and emphasize the clear advantages that cloud-based security can offer in terms of scalability, flexibility, capacity planning, and cost.

References

1.       Gartner, Forecast: Public Cloud Services, Worldwide, 2010-2016, 4Q12 Update

2.       2013 IDG Enterprise Cloud Computing Study

3.       Ibid

More Stories By Gary Ballabio

Gary Ballabio is a Product Line Director responsible for Akamai's Enterprise Cloud Solutions portfolio. In his role, he runs Akamai's Terra Alta, Web Application Accelerator and Cloud Monitor services, which target major Enterprise based initiatives centered around Cloud adoption, Big Data and Mobile/BYOD. A 13 year veteran at Akamai, Ballabio has also held leadership roles in Engineering, Sales Engineering, Account Management and Professional Services covering teams in the US, Europe and Asia.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
Eric Taylor, a former hacker, reveals what he's learned about cybersecurity. Taylor's life as a hacker began when he was just 12 years old and playing video games at home. Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. The government eventually caught up with Taylor and he pleaded guilty to posting the personal information on the internet, among other charges. Eric Taylor, who went by the nickname Cosmo the God, also posted personal information of celebrities and government officials, including Michelle Obama, former CIA director John Brennan, Kim Kardashian and Tiger Woods. Taylor recently became an advisor to cybersecurity start-up Path which helps companies make sure their websites are properly loading around the globe.
ClaySys Technologies is one of the leading application platform products in the ‘No-code' or ‘Metadata Driven' software business application development space. The company was founded to create a modern technology platform that addressed the core pain points related to the traditional software application development architecture. The founding team of ClaySys Technologies come from a legacy of creating and developing line of business software applications for large enterprise clients around the world.
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in this new hybrid and dynamic environment.
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomplished expert in Enterprise Architecture, Adi has also served as CxO advisor to numerous Fortune executives.
DevOpsSUMMIT at CloudEXPO, to be held June 25-26, 2019 at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is correlated with 20% faster time-to-market, 22% improvement in quality, and 18% reduction in dev and ops costs, according to research firm Vanson-Bourne. It is changing the way IT works, how businesses interact with customers, and how organizations are buying, building, and delivering software.