Welcome!

SDN Journal Authors: Daniel Gordon, John Walsh, Elizabeth White, Liz McMillan, Sven Olav Lund

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

Security and Availability Techniques for Cloud-Based Applications

High-quality experiences are not only expected but also increasing as consumer experiences penetrate the enterprise

Enterprise organizations are bombarded daily with the myriad reasons to deploy their line of business applications in the cloud. Efficiency, flexibility, cost savings, agility - and the list goes on and on - are just some of the benefits exhorted by cloud computing supporters. And industry analyst firms such as Gartner believe these various benefits will help drive spending on cloud services to $210 billion in 2016 [1].

By all accounts, the future of cloud computing is anything by cloudy. Unfortunately, that assessment doesn't paint a complete picture of everything impacting cloud adoption at the enterprise level. High-profile outages at several different cloud providers have led some to question whether or not the cloud is reliable enough to trust to "important" applications. The typical argument goes something like this: "The Internet is great, but it wasn't really designed for business use. I need to be really careful about what kinds of applications I put in the public cloud. In other words, it's okay if email is out for a couple of hours, but we certainly couldn't endure extended downtime if our supplier portal was inaccessible."

It's not just reliability and availability that have some IT managers questioning whether or not the cloud is right for them. Most enterprises have spent significant time, effort and budget developing and implementing information security strategies designed to protect their applications from a whole host of threats - from distributed denial of service attacks to attempts targeted at the application layer intended to facilitate data exfiltration or cause other malicious results. Today's datacenters can sometimes resemble digital fortresses, and the belief that it may be near impossible to replicate these enterprise defenses in the cloud has some organizations believing cloud computing just isn't right for them. Really, what cloud provider is going to let a customer deploy their equipment, their custom configurations, their anything in the public cloud provider's environment? It's just not going to happen.

Does that mean that the promise of cloud only applies to consumers looking for a place to store digital copies of their favorite albums and movies, vacation snapshots and the latest Dan Brown thriller? Are enterprises only going to trust the cloud for developer sandboxes and less than business-critical applications? The answer to both these questions is a resounding no. Many studies show that public cloud adoption is on the rise and the types of workloads moving to the cloud are expanding to all parts of the organization. Finding solutions that can overcome the security and availability concerns in public cloud environments (because security and availability ultimately go hand in hand) is of paramount concern.

A Fortress in the Cloud
All public cloud providers - IaaS, PaaS, SaaS, whichever permutation you choose - have their own perimeter defenses in place designed to protect their and their customers' cloud assets. Just like any enterprise, cloud providers have spent considerable time and effort developing, deploying, maintaining, and modifying when necessary, their security postures. Offering the most secure and highly available cloud platforms possible is fundamental to the long-term success of these providers. The only problem? These security measures aren't yours. And, according to a recent survey by IDG Enterprise, security policy enforcement is a top concern of organizations using cloud services, with 59 percent of respondents indicating uncertainty in this area [2]. Similarly, 56 percent of respondents to the same survey reported that the ability of cloud providers to meet organizational compliance requirements was required before fully embracing the cloud [3]. Even further, the availability options in public cloud environments are localized and at best contained within that cloud provider.

Where does that leave enterprise IT managers who want to put the cloud to work for their business without raising the ire of their colleagues in InfoSec while also ensuring that no catastrophic event can leave their applications unresponsive? If we stay with the fortress metaphor, the easy answer is to build a digital moat around whichever cloud service they're using to add an extra layer of protection for the applications and assets that have been hosted in the cloud as well as real-time intelligence to detect and react against deteriorating response times or worse, no response to user requests

Using a Cloud Service to Protect and Improve the Cloud
The ability to deploy cloud-based security and availability services to protect cloud-based assets gives today's enterprises an innovative approach to helping address the perceived limitations of the cloud providers' traditional perimeter and internal solutions. Adding a globally distributed layer of defense, which is instantaneously scalable and able to detect problems in real-time, can help deliver a level of protection that is orders of magnitude greater than any centralized defense.

In addition, cloud security and availability solutions offer unprecedented flexibility across a broad set of protective capabilities as well as load balancing capabilities that can be combined with failover logic in a powerful way. This allows companies who are leveraging multiple cloud environments to leverage standardized, just-in-time defenses that help them adapt to rapidly changing risks and conditions both in front of and within their cloud environments. These services help IT managers set up systems that automatically react to and protect against unforeseen new threats, while also ensuring responses to end users during unexpected downtime. As important, these defenses follow all of the application owner's established security processes, procedures and configurations no matter where the application moves to ensure utmost availability.

Even as the industry is recognizing that the conventional "defend the fort" mentality is no longer proving sufficient for a traditional enterprise, it is even less so for the cloud. Instead, to mitigate today's pervasive and evolving threats, enterprises that have moved to the cloud (or are thinking of it) need to embrace the distributed nature of the Internet to use its scale and flexibility to their advantage when implementing a defense and ensuring uptime.

Doing so, especially when one takes into consideration the security and availability measures undertaken by the cloud provider, helps to create overlapping layers of security and redundancy that employ a diverse set of tactics to protect against threats and downtime. Cloud-based security and availability provides a critical layer within this approach, helping to overcome limitations inherent in more rigid, traditional perimeter defense solutions. As with the cloud computing services they can be used to protect, cloud-based security and availability solutions offer cost-effective, on-demand capabilities that reduce IT planning and maintenance overhead.

Not all cloud security and availability services are created equal, however. In order use the unique strengths of the cloud to their advantage, IT managers must seek out cloud security and availability solutions that leverage a highly distributed, multi-network platform - one that can deliver massive scale at the edges of the Internet, be 100 percent available, protect cloud assets and applications by deflecting attacks closer to their source and react in real time to changing conditions in cloud environments. Offerings built on this type of architecture help organizations combat today's Internet threats and availability challenges through capabilities such as:

  • Extensive Scalability. Only a large, highly distributed architecture can withstand and deflect attacks of the magnitude being observed today. The key is using a service that can scale instantaneously and on demand.
  • Flexibility and Adaptability. By offering the ability to provision a variety of capabilities quickly and easily, without requiring changes to core infrastructure, cloud-based security and availability solutions are designed to enable effective defenses that are adapted to each unique attack or availability problems. Enterprises can employ new business logic, use targeted capabilities, and turn strategies on and off as warranted to best counteract the specific attack while maintaining availability for legitimate users - all without having to involve the cloud hosting provider.
  • Cost Efficiency. Cloud security services help enable organizations to overcome the costly problem of "guessing right" in their defense and capacity planning. Capabilities and resources are cost-effectively provisioned on-demand, as needed, with a goal of ensuring that businesses have exactly the right amount provisioned at all times.
  • Superior Redundancy. Unlike centralized architectures, a defense layer that spans multiple points of presence is structured to offer unmatched, built-in reliability and redundancy against the Internet's many potential threats and failures.
  • Cloud Load Balancing. Real-time capabilities that allow users to weight load across multiple sources, create sophisticated failover rules across cloud locations or providers
  • Improved Performance. Traditional defense systems typically sacrifice performance for security, but a highly distributed platform boosts response times instead by handling requests at the edge of the Internet and counteracting attacks at their source.
  • Holistic Integration. A successful security strategy requires overlapping security layers that work in concert. Cloud security and availability services should work in tandem with those of the cloud provider to deliver additional robustness for the existing security architecture.

Conclusion
The enterprise move to the cloud is taking place in concert with a marked increase in the size and sophistication of Internet threats. As attacks continue to multiply, businesses need to be more vigilant than ever in protecting their digital infrastructure and assets. Effective security for cloud-based assets requires a security strategy that can effectively augment the traditional, centralized protections offered by the cloud provider with a primary cloud-based outer ring of defense to provide the scalability and flexibility that the current caliber of threats demands.

High-quality experiences, whether that means fast response time or highly dynamic and collaborative applications, are not only expected but also increasing as consumer experiences penetrate the enterprise. Companies must meet those demands while not compromising the overall experience. Cloud-based security and availability services can offer clear advantages in terms of scalability, flexibility, capacity planning, and cost. In this brave new world, the Internet cloud is the enterprise perimeter, and robust security and availability for cloud assets requires embracing the cloud even further.

Distributed denial-of-service attacks are but one example of the myriad threats organizations face today, but they highlight the limitations of conventional, centralized perimeter defense solutions and emphasize the clear advantages that cloud-based security can offer in terms of scalability, flexibility, capacity planning, and cost.

References

1.       Gartner, Forecast: Public Cloud Services, Worldwide, 2010-2016, 4Q12 Update

2.       2013 IDG Enterprise Cloud Computing Study

3.       Ibid

More Stories By Gary Ballabio

Gary Ballabio is a Product Line Director responsible for Akamai's Enterprise Cloud Solutions portfolio. In his role, he runs Akamai's Terra Alta, Web Application Accelerator and Cloud Monitor services, which target major Enterprise based initiatives centered around Cloud adoption, Big Data and Mobile/BYOD. A 13 year veteran at Akamai, Ballabio has also held leadership roles in Engineering, Sales Engineering, Account Management and Professional Services covering teams in the US, Europe and Asia.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
DX World EXPO, LLC, a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Conference Guru has been named “Media Sponsor” of the 22nd International Cloud Expo, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to gre...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices to ...
"ZeroStack is a startup in Silicon Valley. We're solving a very interesting problem around bringing public cloud convenience with private cloud control for enterprises and mid-size companies," explained Kamesh Pemmaraju, VP of Product Management at ZeroStack, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Large industrial manufacturing organizations are adopting the agile principles of cloud software companies. The industrial manufacturing development process has not scaled over time. Now that design CAD teams are geographically distributed, centralizing their work is key. With large multi-gigabyte projects, outdated tools have stifled industrial team agility, time-to-market milestones, and impacted P&L stakeholders.
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And, sharing clusters across multiple teams is even harder. Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. Thi...
"Infoblox does DNS, DHCP and IP address management for not only enterprise networks but cloud networks as well. Customers are looking for a single platform that can extend not only in their private enterprise environment but private cloud, public cloud, tracking all the IP space and everything that is going on in that environment," explained Steve Salo, Principal Systems Engineer at Infoblox, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventio...
In his session at 21st Cloud Expo, James Henry, Co-CEO/CTO of Calgary Scientific Inc., introduced you to the challenges, solutions and benefits of training AI systems to solve visual problems with an emphasis on improving AIs with continuous training in the field. He explored applications in several industries and discussed technologies that allow the deployment of advanced visualization solutions to the cloud.
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta Chakraborty, Chief Customer Officer at Ayasdi, provided a tactical framework to become a truly intelligent enterprise, including how to identify the right applications for AI, how to build a Center of Excellence to oper...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Senior Technical Evangelist for NS1. A veteran of the Internet Infrastructure space, he has over a decade of experience with startups, networking protocols and Internet infrastructure, combined with the unique ability to it...
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
"Cloud Academy is an enterprise training platform for the cloud, specifically public clouds. We offer guided learning experiences on AWS, Azure, Google Cloud and all the surrounding methodologies and technologies that you need to know and your teams need to know in order to leverage the full benefits of the cloud," explained Alex Brower, VP of Marketing at Cloud Academy, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clar...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...