Welcome!

SDN Journal Authors: Pat Romanski, Destiny Bertucci, Liz McMillan, Elizabeth White, Amitabh Sinha

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

Security and Availability Techniques for Cloud-Based Applications

High-quality experiences are not only expected but also increasing as consumer experiences penetrate the enterprise

Enterprise organizations are bombarded daily with the myriad reasons to deploy their line of business applications in the cloud. Efficiency, flexibility, cost savings, agility - and the list goes on and on - are just some of the benefits exhorted by cloud computing supporters. And industry analyst firms such as Gartner believe these various benefits will help drive spending on cloud services to $210 billion in 2016 [1].

By all accounts, the future of cloud computing is anything by cloudy. Unfortunately, that assessment doesn't paint a complete picture of everything impacting cloud adoption at the enterprise level. High-profile outages at several different cloud providers have led some to question whether or not the cloud is reliable enough to trust to "important" applications. The typical argument goes something like this: "The Internet is great, but it wasn't really designed for business use. I need to be really careful about what kinds of applications I put in the public cloud. In other words, it's okay if email is out for a couple of hours, but we certainly couldn't endure extended downtime if our supplier portal was inaccessible."

It's not just reliability and availability that have some IT managers questioning whether or not the cloud is right for them. Most enterprises have spent significant time, effort and budget developing and implementing information security strategies designed to protect their applications from a whole host of threats - from distributed denial of service attacks to attempts targeted at the application layer intended to facilitate data exfiltration or cause other malicious results. Today's datacenters can sometimes resemble digital fortresses, and the belief that it may be near impossible to replicate these enterprise defenses in the cloud has some organizations believing cloud computing just isn't right for them. Really, what cloud provider is going to let a customer deploy their equipment, their custom configurations, their anything in the public cloud provider's environment? It's just not going to happen.

Does that mean that the promise of cloud only applies to consumers looking for a place to store digital copies of their favorite albums and movies, vacation snapshots and the latest Dan Brown thriller? Are enterprises only going to trust the cloud for developer sandboxes and less than business-critical applications? The answer to both these questions is a resounding no. Many studies show that public cloud adoption is on the rise and the types of workloads moving to the cloud are expanding to all parts of the organization. Finding solutions that can overcome the security and availability concerns in public cloud environments (because security and availability ultimately go hand in hand) is of paramount concern.

A Fortress in the Cloud
All public cloud providers - IaaS, PaaS, SaaS, whichever permutation you choose - have their own perimeter defenses in place designed to protect their and their customers' cloud assets. Just like any enterprise, cloud providers have spent considerable time and effort developing, deploying, maintaining, and modifying when necessary, their security postures. Offering the most secure and highly available cloud platforms possible is fundamental to the long-term success of these providers. The only problem? These security measures aren't yours. And, according to a recent survey by IDG Enterprise, security policy enforcement is a top concern of organizations using cloud services, with 59 percent of respondents indicating uncertainty in this area [2]. Similarly, 56 percent of respondents to the same survey reported that the ability of cloud providers to meet organizational compliance requirements was required before fully embracing the cloud [3]. Even further, the availability options in public cloud environments are localized and at best contained within that cloud provider.

Where does that leave enterprise IT managers who want to put the cloud to work for their business without raising the ire of their colleagues in InfoSec while also ensuring that no catastrophic event can leave their applications unresponsive? If we stay with the fortress metaphor, the easy answer is to build a digital moat around whichever cloud service they're using to add an extra layer of protection for the applications and assets that have been hosted in the cloud as well as real-time intelligence to detect and react against deteriorating response times or worse, no response to user requests

Using a Cloud Service to Protect and Improve the Cloud
The ability to deploy cloud-based security and availability services to protect cloud-based assets gives today's enterprises an innovative approach to helping address the perceived limitations of the cloud providers' traditional perimeter and internal solutions. Adding a globally distributed layer of defense, which is instantaneously scalable and able to detect problems in real-time, can help deliver a level of protection that is orders of magnitude greater than any centralized defense.

In addition, cloud security and availability solutions offer unprecedented flexibility across a broad set of protective capabilities as well as load balancing capabilities that can be combined with failover logic in a powerful way. This allows companies who are leveraging multiple cloud environments to leverage standardized, just-in-time defenses that help them adapt to rapidly changing risks and conditions both in front of and within their cloud environments. These services help IT managers set up systems that automatically react to and protect against unforeseen new threats, while also ensuring responses to end users during unexpected downtime. As important, these defenses follow all of the application owner's established security processes, procedures and configurations no matter where the application moves to ensure utmost availability.

Even as the industry is recognizing that the conventional "defend the fort" mentality is no longer proving sufficient for a traditional enterprise, it is even less so for the cloud. Instead, to mitigate today's pervasive and evolving threats, enterprises that have moved to the cloud (or are thinking of it) need to embrace the distributed nature of the Internet to use its scale and flexibility to their advantage when implementing a defense and ensuring uptime.

Doing so, especially when one takes into consideration the security and availability measures undertaken by the cloud provider, helps to create overlapping layers of security and redundancy that employ a diverse set of tactics to protect against threats and downtime. Cloud-based security and availability provides a critical layer within this approach, helping to overcome limitations inherent in more rigid, traditional perimeter defense solutions. As with the cloud computing services they can be used to protect, cloud-based security and availability solutions offer cost-effective, on-demand capabilities that reduce IT planning and maintenance overhead.

Not all cloud security and availability services are created equal, however. In order use the unique strengths of the cloud to their advantage, IT managers must seek out cloud security and availability solutions that leverage a highly distributed, multi-network platform - one that can deliver massive scale at the edges of the Internet, be 100 percent available, protect cloud assets and applications by deflecting attacks closer to their source and react in real time to changing conditions in cloud environments. Offerings built on this type of architecture help organizations combat today's Internet threats and availability challenges through capabilities such as:

  • Extensive Scalability. Only a large, highly distributed architecture can withstand and deflect attacks of the magnitude being observed today. The key is using a service that can scale instantaneously and on demand.
  • Flexibility and Adaptability. By offering the ability to provision a variety of capabilities quickly and easily, without requiring changes to core infrastructure, cloud-based security and availability solutions are designed to enable effective defenses that are adapted to each unique attack or availability problems. Enterprises can employ new business logic, use targeted capabilities, and turn strategies on and off as warranted to best counteract the specific attack while maintaining availability for legitimate users - all without having to involve the cloud hosting provider.
  • Cost Efficiency. Cloud security services help enable organizations to overcome the costly problem of "guessing right" in their defense and capacity planning. Capabilities and resources are cost-effectively provisioned on-demand, as needed, with a goal of ensuring that businesses have exactly the right amount provisioned at all times.
  • Superior Redundancy. Unlike centralized architectures, a defense layer that spans multiple points of presence is structured to offer unmatched, built-in reliability and redundancy against the Internet's many potential threats and failures.
  • Cloud Load Balancing. Real-time capabilities that allow users to weight load across multiple sources, create sophisticated failover rules across cloud locations or providers
  • Improved Performance. Traditional defense systems typically sacrifice performance for security, but a highly distributed platform boosts response times instead by handling requests at the edge of the Internet and counteracting attacks at their source.
  • Holistic Integration. A successful security strategy requires overlapping security layers that work in concert. Cloud security and availability services should work in tandem with those of the cloud provider to deliver additional robustness for the existing security architecture.

Conclusion
The enterprise move to the cloud is taking place in concert with a marked increase in the size and sophistication of Internet threats. As attacks continue to multiply, businesses need to be more vigilant than ever in protecting their digital infrastructure and assets. Effective security for cloud-based assets requires a security strategy that can effectively augment the traditional, centralized protections offered by the cloud provider with a primary cloud-based outer ring of defense to provide the scalability and flexibility that the current caliber of threats demands.

High-quality experiences, whether that means fast response time or highly dynamic and collaborative applications, are not only expected but also increasing as consumer experiences penetrate the enterprise. Companies must meet those demands while not compromising the overall experience. Cloud-based security and availability services can offer clear advantages in terms of scalability, flexibility, capacity planning, and cost. In this brave new world, the Internet cloud is the enterprise perimeter, and robust security and availability for cloud assets requires embracing the cloud even further.

Distributed denial-of-service attacks are but one example of the myriad threats organizations face today, but they highlight the limitations of conventional, centralized perimeter defense solutions and emphasize the clear advantages that cloud-based security can offer in terms of scalability, flexibility, capacity planning, and cost.

References

1.       Gartner, Forecast: Public Cloud Services, Worldwide, 2010-2016, 4Q12 Update

2.       2013 IDG Enterprise Cloud Computing Study

3.       Ibid

More Stories By Gary Ballabio

Gary Ballabio is a Product Line Director responsible for Akamai's Enterprise Cloud Solutions portfolio. In his role, he runs Akamai's Terra Alta, Web Application Accelerator and Cloud Monitor services, which target major Enterprise based initiatives centered around Cloud adoption, Big Data and Mobile/BYOD. A 13 year veteran at Akamai, Ballabio has also held leadership roles in Engineering, Sales Engineering, Account Management and Professional Services covering teams in the US, Europe and Asia.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Mobile device usage has increased exponentially during the past several years, as consumers rely on handhelds for everything from news and weather to banking and purchases. What can we expect in the next few years? The way in which we interact with our devices will fundamentally change, as businesses leverage Artificial Intelligence. We already see this taking shape as businesses leverage AI for cost savings and customer responsiveness. This trend will continue, as AI is used for more sophistica...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, discussed some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he covered some of the best practices for structured team migration an...
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, discussed how given the magnitude of today's application ...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and B...
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
As you move to the cloud, your network should be efficient, secure, and easy to manage. An enterprise adopting a hybrid or public cloud needs systems and tools that provide: Agility: ability to deliver applications and services faster, even in complex hybrid environments Easier manageability: enable reliable connectivity with complete oversight as the data center network evolves Greater efficiency: eliminate wasted effort while reducing errors and optimize asset utilization Security: imple...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
The past few years have brought a sea change in the way applications are architected, developed, and consumed—increasing both the complexity of testing and the business impact of software failures. How can software testing professionals keep pace with modern application delivery, given the trends that impact both architectures (cloud, microservices, and APIs) and processes (DevOps, agile, and continuous delivery)? This is where continuous testing comes in. D
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...
Digital transformation is about embracing digital technologies into a company's culture to better connect with its customers, automate processes, create better tools, enter new markets, etc. Such a transformation requires continuous orchestration across teams and an environment based on open collaboration and daily experiments. In his session at 21st Cloud Expo, Alex Casalboni, Technical (Cloud) Evangelist at Cloud Academy, explored and discussed the most urgent unsolved challenges to achieve f...
The dynamic nature of the cloud means that change is a constant when it comes to modern cloud-based infrastructure. Delivering modern applications to end users, therefore, is a constantly shifting challenge. Delivery automation helps IT Ops teams ensure that apps are providing an optimal end user experience over hybrid-cloud and multi-cloud environments, no matter what the current state of the infrastructure is. To employ a delivery automation strategy that reflects your business rules, making r...
The 22nd International Cloud Expo | 1st DXWorld Expo has announced that its Call for Papers is open. Cloud Expo | DXWorld Expo, to be held June 5-7, 2018, at the Javits Center in New York, NY, brings together Cloud Computing, Digital Transformation, Big Data, Internet of Things, DevOps, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
SYS-CON Events announced today that Synametrics Technologies will exhibit at SYS-CON's 22nd International Cloud Expo®, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. Synametrics Technologies is a privately held company based in Plainsboro, New Jersey that has been providing solutions for the developer community since 1997. Based on the success of its initial product offerings such as WinSQL, Xeams, SynaMan and Syncrify, Synametrics continues to create and hone in...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, application p...
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, described how NetApp designed a three-year program of work to migrate 25PB of a major telco's enterprise data to a new STaaS platform, and then secured a long-term contract to manage and operate the platform. This significant program blended the best of NetApp’s solutions and services capabilities to enable this telco’s successful adoption of private cloud storage and launching ...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.