Last time we looked at emerging technologies, we addressed virtual system security. This time we are discussing cloud security. The cloud is enabled by virtual systems so why would cloud security be any different from virtual system security? Really, it’s a matter of perception. If you are the cloud provider, your focus is on your virtual infrastructure. You see things the way we did last time. And, you may recall, some of the products we examined were notably suited to cloud providers.
Now, our perspective has shifted a bit. We are seeing the virtual environment from the customer perspective. While we certainly care about the ins and outs of the virtual systems our provider uses to create its cloud, we are primarily focused on our data. After all, the promise of the cloud is that it will replace our expensive, bloated physical data centers. The cloud is the extension of the virtual world, which is going to, you guessed it, replace our expensive, bloated physical data centers.
What does not change is that our data – whether it is on a physical or virtual server or a cloud – still needs protecting. It would be nice if that protection, regardless of what is under the covers, look pretty much the same to us no matter what the environment. Last time we visited these pages, we saw that working out pretty well – for virtual data centers, anyway, that is. Several, if not all of the vendors I spoke with last time, told me that an important design goal was to look, act, behave and protect in the virtual, just as we have been used to seeing and using for many years in the physical.
So, this time the question is: Do the vendors for cloud security do the same thing? The answer is, pretty much, yes. The goals of these products are the same, to be sure. The next question is, how well do they do it and how close does it mimic the old ways of security in the physical realm. There are a few interesting challenges to answering that one. First, for example, one of the things that we have come to expect in the physical is end-to-end security within the enterprise. That means that we need to secure everything – from the endpoints to the perimeter gateway. Additionally, we need to look at email, web, malware, etc.
Over time, the notion of defense-in-depth has matured in the physical world and, to some degree, in the virtual world as well. As long as everything is “on-prem,” the task of end-to-end security is pretty straightforward. But, when we move out into the cloud, it is not quite such a walk in the park. The big reason is that we no longer control our environment. We cannot, for both technical and contractual reasons, manage the configuration of the cloud. We may have some control over our individual virtual servers, but, overall, there is nowhere near as much control as we are used to having.
So, the answer may be wrapping our data in security and not particularly caring what happens in the cloud infrastructure itself. After all, we can’t control that, so let’s look after what we can control. That is the premise behind most, if not all, of the products we are looking at in this section this month.
These products assume that the user cannot control anything, wants a completely transparent experience, and just needs to get their job done, conveniently and safely from anywhere in the world. There actually is, conceptually anyway, a pretty simple way to do that. Encrypt everything on the cloud, give an encrypted tunnel to the users, and don’t allow them to connect to anything but the cloud. That way the cloud actually protects the user, sometimes from themself. It’s actually pretty cool and, as we found this month, it works.
The vendors we looked at address the problem in a variety of ways. Some are specific, while others are much broader. That, of course, mimics the physical world almost exactly. So, if your big problem is email, and you don’t put a lot of data in the cloud, there is a product for you, especially if you outsource your email to a cloud vendor, such as Microsoft.
If you have a broader issue and you are sending everything to the cloud and turning your data center into one big comms shack, you need a different solution to your security problems, and there is one of those here too. Really, the majority of challenges associated with cloud computing are beginning to be addressed – smartly, economically and, best of all, by employing good security practice. I guess this cloud thing is coming of age faster than we thought…. Who knew?