SDN Journal Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

Security and Availability Techniques for Cloud-Based Applications

High-quality experiences are not only expected but also increasing as consumer experiences penetrate the enterprise

Enterprise organizations are bombarded daily with the myriad reasons to deploy their line of business applications in the cloud. Efficiency, flexibility, cost savings, agility - and the list goes on and on - are just some of the benefits exhorted by cloud computing supporters. And industry analyst firms such as Gartner believe these various benefits will help drive spending on cloud services to $210 billion in 2016 [1].

By all accounts, the future of cloud computing is anything by cloudy. Unfortunately, that assessment doesn't paint a complete picture of everything impacting cloud adoption at the enterprise level. High-profile outages at several different cloud providers have led some to question whether or not the cloud is reliable enough to trust to "important" applications. The typical argument goes something like this: "The Internet is great, but it wasn't really designed for business use. I need to be really careful about what kinds of applications I put in the public cloud. In other words, it's okay if email is out for a couple of hours, but we certainly couldn't endure extended downtime if our supplier portal was inaccessible."

It's not just reliability and availability that have some IT managers questioning whether or not the cloud is right for them. Most enterprises have spent significant time, effort and budget developing and implementing information security strategies designed to protect their applications from a whole host of threats - from distributed denial of service attacks to attempts targeted at the application layer intended to facilitate data exfiltration or cause other malicious results. Today's datacenters can sometimes resemble digital fortresses, and the belief that it may be near impossible to replicate these enterprise defenses in the cloud has some organizations believing cloud computing just isn't right for them. Really, what cloud provider is going to let a customer deploy their equipment, their custom configurations, their anything in the public cloud provider's environment? It's just not going to happen.

Does that mean that the promise of cloud only applies to consumers looking for a place to store digital copies of their favorite albums and movies, vacation snapshots and the latest Dan Brown thriller? Are enterprises only going to trust the cloud for developer sandboxes and less than business-critical applications? The answer to both these questions is a resounding no. Many studies show that public cloud adoption is on the rise and the types of workloads moving to the cloud are expanding to all parts of the organization. Finding solutions that can overcome the security and availability concerns in public cloud environments (because security and availability ultimately go hand in hand) is of paramount concern.

A Fortress in the Cloud
All public cloud providers - IaaS, PaaS, SaaS, whichever permutation you choose - have their own perimeter defenses in place designed to protect their and their customers' cloud assets. Just like any enterprise, cloud providers have spent considerable time and effort developing, deploying, maintaining, and modifying when necessary, their security postures. Offering the most secure and highly available cloud platforms possible is fundamental to the long-term success of these providers. The only problem? These security measures aren't yours. And, according to a recent survey by IDG Enterprise, security policy enforcement is a top concern of organizations using cloud services, with 59 percent of respondents indicating uncertainty in this area [2]. Similarly, 56 percent of respondents to the same survey reported that the ability of cloud providers to meet organizational compliance requirements was required before fully embracing the cloud [3]. Even further, the availability options in public cloud environments are localized and at best contained within that cloud provider.

Where does that leave enterprise IT managers who want to put the cloud to work for their business without raising the ire of their colleagues in InfoSec while also ensuring that no catastrophic event can leave their applications unresponsive? If we stay with the fortress metaphor, the easy answer is to build a digital moat around whichever cloud service they're using to add an extra layer of protection for the applications and assets that have been hosted in the cloud as well as real-time intelligence to detect and react against deteriorating response times or worse, no response to user requests

Using a Cloud Service to Protect and Improve the Cloud
The ability to deploy cloud-based security and availability services to protect cloud-based assets gives today's enterprises an innovative approach to helping address the perceived limitations of the cloud providers' traditional perimeter and internal solutions. Adding a globally distributed layer of defense, which is instantaneously scalable and able to detect problems in real-time, can help deliver a level of protection that is orders of magnitude greater than any centralized defense.

In addition, cloud security and availability solutions offer unprecedented flexibility across a broad set of protective capabilities as well as load balancing capabilities that can be combined with failover logic in a powerful way. This allows companies who are leveraging multiple cloud environments to leverage standardized, just-in-time defenses that help them adapt to rapidly changing risks and conditions both in front of and within their cloud environments. These services help IT managers set up systems that automatically react to and protect against unforeseen new threats, while also ensuring responses to end users during unexpected downtime. As important, these defenses follow all of the application owner's established security processes, procedures and configurations no matter where the application moves to ensure utmost availability.

Even as the industry is recognizing that the conventional "defend the fort" mentality is no longer proving sufficient for a traditional enterprise, it is even less so for the cloud. Instead, to mitigate today's pervasive and evolving threats, enterprises that have moved to the cloud (or are thinking of it) need to embrace the distributed nature of the Internet to use its scale and flexibility to their advantage when implementing a defense and ensuring uptime.

Doing so, especially when one takes into consideration the security and availability measures undertaken by the cloud provider, helps to create overlapping layers of security and redundancy that employ a diverse set of tactics to protect against threats and downtime. Cloud-based security and availability provides a critical layer within this approach, helping to overcome limitations inherent in more rigid, traditional perimeter defense solutions. As with the cloud computing services they can be used to protect, cloud-based security and availability solutions offer cost-effective, on-demand capabilities that reduce IT planning and maintenance overhead.

Not all cloud security and availability services are created equal, however. In order use the unique strengths of the cloud to their advantage, IT managers must seek out cloud security and availability solutions that leverage a highly distributed, multi-network platform - one that can deliver massive scale at the edges of the Internet, be 100 percent available, protect cloud assets and applications by deflecting attacks closer to their source and react in real time to changing conditions in cloud environments. Offerings built on this type of architecture help organizations combat today's Internet threats and availability challenges through capabilities such as:

  • Extensive Scalability. Only a large, highly distributed architecture can withstand and deflect attacks of the magnitude being observed today. The key is using a service that can scale instantaneously and on demand.
  • Flexibility and Adaptability. By offering the ability to provision a variety of capabilities quickly and easily, without requiring changes to core infrastructure, cloud-based security and availability solutions are designed to enable effective defenses that are adapted to each unique attack or availability problems. Enterprises can employ new business logic, use targeted capabilities, and turn strategies on and off as warranted to best counteract the specific attack while maintaining availability for legitimate users - all without having to involve the cloud hosting provider.
  • Cost Efficiency. Cloud security services help enable organizations to overcome the costly problem of "guessing right" in their defense and capacity planning. Capabilities and resources are cost-effectively provisioned on-demand, as needed, with a goal of ensuring that businesses have exactly the right amount provisioned at all times.
  • Superior Redundancy. Unlike centralized architectures, a defense layer that spans multiple points of presence is structured to offer unmatched, built-in reliability and redundancy against the Internet's many potential threats and failures.
  • Cloud Load Balancing. Real-time capabilities that allow users to weight load across multiple sources, create sophisticated failover rules across cloud locations or providers
  • Improved Performance. Traditional defense systems typically sacrifice performance for security, but a highly distributed platform boosts response times instead by handling requests at the edge of the Internet and counteracting attacks at their source.
  • Holistic Integration. A successful security strategy requires overlapping security layers that work in concert. Cloud security and availability services should work in tandem with those of the cloud provider to deliver additional robustness for the existing security architecture.

The enterprise move to the cloud is taking place in concert with a marked increase in the size and sophistication of Internet threats. As attacks continue to multiply, businesses need to be more vigilant than ever in protecting their digital infrastructure and assets. Effective security for cloud-based assets requires a security strategy that can effectively augment the traditional, centralized protections offered by the cloud provider with a primary cloud-based outer ring of defense to provide the scalability and flexibility that the current caliber of threats demands.

High-quality experiences, whether that means fast response time or highly dynamic and collaborative applications, are not only expected but also increasing as consumer experiences penetrate the enterprise. Companies must meet those demands while not compromising the overall experience. Cloud-based security and availability services can offer clear advantages in terms of scalability, flexibility, capacity planning, and cost. In this brave new world, the Internet cloud is the enterprise perimeter, and robust security and availability for cloud assets requires embracing the cloud even further.

Distributed denial-of-service attacks are but one example of the myriad threats organizations face today, but they highlight the limitations of conventional, centralized perimeter defense solutions and emphasize the clear advantages that cloud-based security can offer in terms of scalability, flexibility, capacity planning, and cost.


1.       Gartner, Forecast: Public Cloud Services, Worldwide, 2010-2016, 4Q12 Update

2.       2013 IDG Enterprise Cloud Computing Study

3.       Ibid

More Stories By Gary Ballabio

Gary Ballabio is a Product Line Director responsible for Akamai's Enterprise Cloud Solutions portfolio. In his role, he runs Akamai's Terra Alta, Web Application Accelerator and Cloud Monitor services, which target major Enterprise based initiatives centered around Cloud adoption, Big Data and Mobile/BYOD. A 13 year veteran at Akamai, Ballabio has also held leadership roles in Engineering, Sales Engineering, Account Management and Professional Services covering teams in the US, Europe and Asia.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

CloudEXPO Stories
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or personal computing needs.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by researching target group and involving users in the designing process.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to advisory roles at startups. He has worked extensively on monetization, SAAS, IoT, ecosystems, partnerships and accelerating growth in new business initiatives.
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments that frequently get lost in the hype. The panel will discuss their perspective on what they see as they key challenges and/or impediments to adoption, and how they see those issues could be resolved or mitigated.
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app security and encryption-related solutions. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University, and is an O'Reilly author.