
Security in the cloud - barbarians at the gates



When we distribute the data centre to the cloud, we’re adding many more "gates"

The burden of security of any sort, even physical security, is multiplied by the number of doors available. The data centre of old concentrated our servers and data in a physically locked and sometimes guarded room. The network door was likewise guarded by network security appliances - firewalls, VPN gateways, intrusion protection systems (IPS) and anti-spam/virus systems.

When we distribute the data centre to the cloud, we’re adding many more gates - one or more for each information server and data storage node in the cloud architecture.  Putting physical security aside, each node deserves its own network security attention.  When business applications are moved to the cloud, we necessarily lose control and need to depend on others to implement authentication procedures, firewall rules, etc.  Network security may not be implemented expeditiously or accurately, opening security holes that may not have existed in the locked, single data centre.

Even when network security precautions are correctly implemented, the resource sharing that goes on within a virtualised cloud data centre opens up additional risks.  Business applications run on multiple virtual machines distributed across multiple virtualised servers that are shared with other applications.  Innocent bugs or malicious hacking may penetrate neighbouring virtual machines.  Likewise, data stored in the cloud shares physical storage with other applications and may be accidentally or deliberately exposed.

One key technique used to ensure security in the cloud is data encryption.  Most network links between cloud nodes are protected by IPsec encryption, the same technique used to secure links with remote workers in an enterprise.  Likewise, data stored in the cloud is encrypted to protect it from improper access.  This solution is not a panacea; passwords and encryption keys need to be distributed and stored.

In most cases, the advantages of cloud computing make the additional security risks worthwhile.  It’s necessary, however, to ensure that all gates are protected and that security mechanisms are tested.

---
Dave Schneider is a sr. manager of market development for Ixia, a manufacturer of network testing solutions including hardware and software for network security validation.

 
