Top Cloud Security Tips for CISOs By @Porticor | @CloudExpo

Recent attacks have proven, yet again, that data security is a critical component in any cloud migration strategy

Cloud security is a top concern for chief security officers. In almost any enterprise, cloud migration is a given, and recent attacks have proven, yet again, that data security is a critical component in any cloud migration strategy.

Below are four tips, specific to Infrastructure as a Service (IaaS) cloud security.

  1. Migrate your data - own your security
    When moving to the cloud, companies have the natural tendency to look for security solutions from their cloud provider of choice. IaaS providers are very good at managing storage, computation resources, and virtual machines, but in most cases they can't provide data security solutions that are as secure as if you were to manage them yourself.

Keep in mind the shared responsibility model when planning a secure cloud migration, and verify carefully which tools are provided by your cloud provider, and which tools should be integrated by you.

In most IaaS clouds, your responsibility starts at your host VM level and goes all the way up to the application security level. Ensure you are in control of your security tools.

Let's take cloud encryption as an example: make sure your encryption keys are owned by your organization, not by the cloud provider. This is the only way you can prove your data is in compliance and safe from prying eyes.

  2. Adopt cloud-friendly security tools - Get some CTO love
    Cloud security means many things to many people. The CTO in your organization is most likely heavily focused on making infrastructure cloud deployments as automated and seamless as possible.

Traditional security tools, like those you're used to in your on-premises data center, might prove very complicated to integrate and use in the cloud, and may thus eliminate many of the cloud automation advantages.

When possible, try to use tools specifically tailored to the cloud. Dome9 does a wonderful job providing an IaaS firewall, Incapsula provides a Web Application Firewall solution for such clouds, and Porticor provides an innovative key management and encryption solution for multiple IaaS clouds.

Leveraging such tools will ensure you get the most secure deployment while your IaaS cloud continues to use automation and orchestration tools.

  3. 2015 is the year of "encrypt everything"
    From the attacks on Target and eBay to the most recent breach of Sony Pictures, attackers are targeting your organizational data. We have said it before: encrypting your data should be a high priority for any organization.

Encryption is an obvious requirement if you deal with financial, medical and other regulated data, but almost any company today stores private information relating to its employees and such information should be encrypted at all times, and most certainly in infrastructure clouds.

The importance of encryption is not in its ability to identify or prevent an attack; there are other tools for that. The assumption is that some attacks will eventually succeed. Encryption renders stolen data unusable, and therefore we believe more and more companies will adopt an "encrypt everything" approach as part of their cloud strategy.

  4. Make sure your plan sticks for multiple clouds
    Last, validate your plan against multiple clouds. "Sandbox" a few private and public clouds and ask yourself if your strategy sticks. Can you use your firewall across all cloud deployments? Will you be able to leverage your current key management solution effectively in the cloud?

In many cases you'll realize that your current tools are not sufficient for a public or hybrid cloud deployment. This is a great exercise to run early in the decision-making process, as budgeting for a new "security wardrobe" might be needed.

More Stories By Ariel Dan

Ariel Dan is co-founder and Executive Vice President at Porticor cloud security. Follow him on Twitter: @ariel_dan
