Welcome!

SDN Journal Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

Security and Availability Techniques for Cloud-Based Applications

High-quality experiences are not only expected but also increasing as consumer experiences penetrate the enterprise

Enterprise organizations are bombarded daily with the myriad reasons to deploy their line of business applications in the cloud. Efficiency, flexibility, cost savings, agility - and the list goes on and on - are just some of the benefits exhorted by cloud computing supporters. And industry analyst firms such as Gartner believe these various benefits will help drive spending on cloud services to $210 billion in 2016 [1].

By all accounts, the future of cloud computing is anything by cloudy. Unfortunately, that assessment doesn't paint a complete picture of everything impacting cloud adoption at the enterprise level. High-profile outages at several different cloud providers have led some to question whether or not the cloud is reliable enough to trust to "important" applications. The typical argument goes something like this: "The Internet is great, but it wasn't really designed for business use. I need to be really careful about what kinds of applications I put in the public cloud. In other words, it's okay if email is out for a couple of hours, but we certainly couldn't endure extended downtime if our supplier portal was inaccessible."

It's not just reliability and availability that have some IT managers questioning whether or not the cloud is right for them. Most enterprises have spent significant time, effort and budget developing and implementing information security strategies designed to protect their applications from a whole host of threats - from distributed denial of service attacks to attempts targeted at the application layer intended to facilitate data exfiltration or cause other malicious results. Today's datacenters can sometimes resemble digital fortresses, and the belief that it may be near impossible to replicate these enterprise defenses in the cloud has some organizations believing cloud computing just isn't right for them. Really, what cloud provider is going to let a customer deploy their equipment, their custom configurations, their anything in the public cloud provider's environment? It's just not going to happen.

Does that mean that the promise of cloud only applies to consumers looking for a place to store digital copies of their favorite albums and movies, vacation snapshots and the latest Dan Brown thriller? Are enterprises only going to trust the cloud for developer sandboxes and less than business-critical applications? The answer to both these questions is a resounding no. Many studies show that public cloud adoption is on the rise and the types of workloads moving to the cloud are expanding to all parts of the organization. Finding solutions that can overcome the security and availability concerns in public cloud environments (because security and availability ultimately go hand in hand) is of paramount concern.

A Fortress in the Cloud
All public cloud providers - IaaS, PaaS, SaaS, whichever permutation you choose - have their own perimeter defenses in place designed to protect their and their customers' cloud assets. Just like any enterprise, cloud providers have spent considerable time and effort developing, deploying, maintaining, and modifying when necessary, their security postures. Offering the most secure and highly available cloud platforms possible is fundamental to the long-term success of these providers. The only problem? These security measures aren't yours. And, according to a recent survey by IDG Enterprise, security policy enforcement is a top concern of organizations using cloud services, with 59 percent of respondents indicating uncertainty in this area [2]. Similarly, 56 percent of respondents to the same survey reported that the ability of cloud providers to meet organizational compliance requirements was required before fully embracing the cloud [3]. Even further, the availability options in public cloud environments are localized and at best contained within that cloud provider.

Where does that leave enterprise IT managers who want to put the cloud to work for their business without raising the ire of their colleagues in InfoSec while also ensuring that no catastrophic event can leave their applications unresponsive? If we stay with the fortress metaphor, the easy answer is to build a digital moat around whichever cloud service they're using to add an extra layer of protection for the applications and assets that have been hosted in the cloud as well as real-time intelligence to detect and react against deteriorating response times or worse, no response to user requests

Using a Cloud Service to Protect and Improve the Cloud
The ability to deploy cloud-based security and availability services to protect cloud-based assets gives today's enterprises an innovative approach to helping address the perceived limitations of the cloud providers' traditional perimeter and internal solutions. Adding a globally distributed layer of defense, which is instantaneously scalable and able to detect problems in real-time, can help deliver a level of protection that is orders of magnitude greater than any centralized defense.

In addition, cloud security and availability solutions offer unprecedented flexibility across a broad set of protective capabilities as well as load balancing capabilities that can be combined with failover logic in a powerful way. This allows companies who are leveraging multiple cloud environments to leverage standardized, just-in-time defenses that help them adapt to rapidly changing risks and conditions both in front of and within their cloud environments. These services help IT managers set up systems that automatically react to and protect against unforeseen new threats, while also ensuring responses to end users during unexpected downtime. As important, these defenses follow all of the application owner's established security processes, procedures and configurations no matter where the application moves to ensure utmost availability.

Even as the industry is recognizing that the conventional "defend the fort" mentality is no longer proving sufficient for a traditional enterprise, it is even less so for the cloud. Instead, to mitigate today's pervasive and evolving threats, enterprises that have moved to the cloud (or are thinking of it) need to embrace the distributed nature of the Internet to use its scale and flexibility to their advantage when implementing a defense and ensuring uptime.

Doing so, especially when one takes into consideration the security and availability measures undertaken by the cloud provider, helps to create overlapping layers of security and redundancy that employ a diverse set of tactics to protect against threats and downtime. Cloud-based security and availability provides a critical layer within this approach, helping to overcome limitations inherent in more rigid, traditional perimeter defense solutions. As with the cloud computing services they can be used to protect, cloud-based security and availability solutions offer cost-effective, on-demand capabilities that reduce IT planning and maintenance overhead.

Not all cloud security and availability services are created equal, however. In order use the unique strengths of the cloud to their advantage, IT managers must seek out cloud security and availability solutions that leverage a highly distributed, multi-network platform - one that can deliver massive scale at the edges of the Internet, be 100 percent available, protect cloud assets and applications by deflecting attacks closer to their source and react in real time to changing conditions in cloud environments. Offerings built on this type of architecture help organizations combat today's Internet threats and availability challenges through capabilities such as:

  • Extensive Scalability. Only a large, highly distributed architecture can withstand and deflect attacks of the magnitude being observed today. The key is using a service that can scale instantaneously and on demand.
  • Flexibility and Adaptability. By offering the ability to provision a variety of capabilities quickly and easily, without requiring changes to core infrastructure, cloud-based security and availability solutions are designed to enable effective defenses that are adapted to each unique attack or availability problems. Enterprises can employ new business logic, use targeted capabilities, and turn strategies on and off as warranted to best counteract the specific attack while maintaining availability for legitimate users - all without having to involve the cloud hosting provider.
  • Cost Efficiency. Cloud security services help enable organizations to overcome the costly problem of "guessing right" in their defense and capacity planning. Capabilities and resources are cost-effectively provisioned on-demand, as needed, with a goal of ensuring that businesses have exactly the right amount provisioned at all times.
  • Superior Redundancy. Unlike centralized architectures, a defense layer that spans multiple points of presence is structured to offer unmatched, built-in reliability and redundancy against the Internet's many potential threats and failures.
  • Cloud Load Balancing. Real-time capabilities that allow users to weight load across multiple sources, create sophisticated failover rules across cloud locations or providers
  • Improved Performance. Traditional defense systems typically sacrifice performance for security, but a highly distributed platform boosts response times instead by handling requests at the edge of the Internet and counteracting attacks at their source.
  • Holistic Integration. A successful security strategy requires overlapping security layers that work in concert. Cloud security and availability services should work in tandem with those of the cloud provider to deliver additional robustness for the existing security architecture.

Conclusion
The enterprise move to the cloud is taking place in concert with a marked increase in the size and sophistication of Internet threats. As attacks continue to multiply, businesses need to be more vigilant than ever in protecting their digital infrastructure and assets. Effective security for cloud-based assets requires a security strategy that can effectively augment the traditional, centralized protections offered by the cloud provider with a primary cloud-based outer ring of defense to provide the scalability and flexibility that the current caliber of threats demands.

High-quality experiences, whether that means fast response time or highly dynamic and collaborative applications, are not only expected but also increasing as consumer experiences penetrate the enterprise. Companies must meet those demands while not compromising the overall experience. Cloud-based security and availability services can offer clear advantages in terms of scalability, flexibility, capacity planning, and cost. In this brave new world, the Internet cloud is the enterprise perimeter, and robust security and availability for cloud assets requires embracing the cloud even further.

Distributed denial-of-service attacks are but one example of the myriad threats organizations face today, but they highlight the limitations of conventional, centralized perimeter defense solutions and emphasize the clear advantages that cloud-based security can offer in terms of scalability, flexibility, capacity planning, and cost.

References

1.       Gartner, Forecast: Public Cloud Services, Worldwide, 2010-2016, 4Q12 Update

2.       2013 IDG Enterprise Cloud Computing Study

3.       Ibid

More Stories By Gary Ballabio

Gary Ballabio is a Product Line Director responsible for Akamai's Enterprise Cloud Solutions portfolio. In his role, he runs Akamai's Terra Alta, Web Application Accelerator and Cloud Monitor services, which target major Enterprise based initiatives centered around Cloud adoption, Big Data and Mobile/BYOD. A 13 year veteran at Akamai, Ballabio has also held leadership roles in Engineering, Sales Engineering, Account Management and Professional Services covering teams in the US, Europe and Asia.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, added the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining sensor analytic...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Michael Maximilien, better known as max or Dr. Max, is a computer scientist with IBM. At IBM Research Triangle Park, he was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research, some highlights include pioneering research on semantic Web services, mashups, and cloud computing, and platform-as-a-service. He joined the IBM Cloud Labs in 2014 and works closely with Pivotal Inc., to help make the Cloud Found the best PaaS.
It is of utmost importance for the future success of WebRTC to ensure that interoperability is operational between web browsers and any WebRTC-compliant client. To be guaranteed as operational and effective, interoperability must be tested extensively by establishing WebRTC data and media connections between different web browsers running on different devices and operating systems. In his session at WebRTC Summit at @ThingsExpo, Dr. Alex Gouaillard, CEO and Founder of CoSMo Software, presented ...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
In a world where the internet rules all, where 94% of business buyers conduct online research, and where e-commerce sales are poised to fall between $427 billion and $443 billion by the end of this year, we think it's safe to say that your website is a vital part of your business strategy. Whether you're a B2B company, a local business, or an e-commerce site, digital presence is key to maintain in your drive towards success. Digital Performance will take priority in 2018 for the following reason...
I think DevOps is now a rambunctious teenager - it's starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
What's the role of an IT self-service portal when you get to continuous delivery and Infrastructure as Code? This general session showed how to create the continuous delivery culture and eight accelerators for leading the change. Don Demcsak is a DevOps and Cloud Native Modernization Principal for Dell EMC based out of New Jersey. He is a former, long time, Microsoft Most Valuable Professional, specializing in building and architecting Application Delivery Pipelines for hybrid legacy, and cloud ...
In this presentation, you will learn first hand what works and what doesn't while architecting and deploying OpenStack. Some of the topics will include:- best practices for creating repeatable deployments of OpenStack- multi-site considerations- how to customize OpenStack to integrate with your existing systems and security best practices.
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of bus...
"ZeroStack is a startup in Silicon Valley. We're solving a very interesting problem around bringing public cloud convenience with private cloud control for enterprises and mid-size companies," explained Kamesh Pemmaraju, VP of Product Management at ZeroStack, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"We're developing a software that is based on the cloud environment and we are providing those services to corporations and the general public," explained Seungmin Kim, CEO/CTO of SM Systems Inc., in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.