For opsource--We don't mention Amazon Web Services (AWS), Rackspace, Terremark, and other businesses – the answer is a 2-tier VLAN. In the Opsource case, the user connects to the cloud using either a VPN client or a station-arrival VPN tunnel. This approach makes the public cloud an extension of the private cloud, making it a secure hybrid cloud.
The National Highway Traffic Safety Administration (NHTSA) spent 30 days in 2009 building and testing the infrastructure built for President Obama's Consumer Recovery and Conservation Act, and NHTSA's answer came from the Cloudspan of Layer 7 technology. Cloudconnect Gateway. This service allows NHTSA to place its servers in a public cloud with appropriate security controls. As a result, the bill, dubbed "Cash for Clunkers" by consumers, has led more than 690,000 Americans to monetary subsidies, replacing newer, cleaner and safer new cars with old ones.
A public cloud with VPN capabilities and additional security layers, such as Cloudspan, are just two of the many solutions to the problem of public cloud security. Each case has its own strengths and weaknesses, including cost, complexity, performance, and latency overhead.
Organizations can optimize these methods of resolving public cloud security, depending on whether an application is a critical task and how to secure the data needed for the application. Here are 10 ways to strengthen public cloud security to support enterprise-class applications.
1. Choose suitable application for public cloud
Some companies, including most start-ups, start with public cloud services for all their applications, including mission-critical applications and their associated data. For example, the fast-growing social media site Pinterest used 150 AWS instances, storing more than 400TB of data, so that a new venture would put all its applications on the public cloud.
However, the public cloud is not suitable for all organizations, nor for all applications within an organization. Generally speaking, enterprise applications suitable for public cloud have no strict security requirements. In cases such as Web sites, application development, testing, online product catalogs, and product documentation, the default security provided by most cloud service providers (CSPs) is sufficient to meet the security requirements of such applications.
2. Evaluate and strengthen safety if necessary
The public cloud security provided by CSP can be said to vary widely. Therefore, it is important to be aware of this when evaluating CSPs. The ISO/IEC 27000 Standard Series provides a system for studying information security risks, valuing threats, vulnerabilities, and their impact, and designing and implementing a comprehensive information security control system with a management process that ensures that the guidelines are followed.
Organizations that are considering migrating sensitive applications and their data to public cloud need to assess and compare security measures for different CSPs based on these criteria. If necessary, the security measures used within the organization's private cloud can also be extended to its public cloud instance. As mentioned above, the products of companies such as Cloudspan allow organizations to enforce the same standard of information and apply security policies on private and public cloud instances.
3. Identify and use appropriate third party audit services
When considering security compliance, organizations cannot simply trust CSP propaganda. Third-party audit services can audit CSP processes and related procedures to see if they meet safety standards, consistency, and so on, and compare them to the CSP's commitment to the customer. The SAS-type II standard provides for a minimum of 6 months or longer for such audits. Migrating some applications to the public cloud and auditing them within a certain extended period can provide an adaptive period for the Organization so that the enterprise can more confidently migrate more sensitive applications and related data to the public cloud.
4. Increase the authentication layer
Most CSPs provide good authentication services for public cloud instances, but the product Halo Netsec, a SaaS security vendor Cloudpassage, adds an additional level of authentication. Here you need to weigh the need for better public cloud security or the need to reduce the potential increase in network latency costs, possible performance degradation, and additional points of failure.
5, consider the impact of additional security on integration
The default security provided by most leading CSPs is already quite powerful. Additional public cloud security measures on them may affect overall application performance while making authentication and access management more complex. These considerations are all the more important if the enterprise's mission-critical applications need to be integrated with other business applications, because end users don't like to be used in a hurry when they need it.
6, put the security provisions at the front of the SLA
When running a private cloud, you will have some tools that let you know when and where a security leak might occur. But how can a CSP customer keep track of such security leaks?
The public cloud security provided by CSP is not the best, unless written SLA terms are signed, unless transparent monitoring and reporting functions are available to cloud customers. CSP's own contract may be of no use in this regard.
7, adhere to the transparent security process
The requirements for transparent and verifiable security processes, procedures, and practices in SLAs extend well beyond the risk of potential data disclosure. At least one physical location is available when the enterprise leases the managed server, and you can see the cabinet where the physical server is placed. In a public cloud, you cannot accurately know the physical whereabouts of a corporate cloud instance, and all you can rely on is the information that the CSP provides you. That's why transparency is so important.
8. Simplify logging and monitoring
Careful consideration of the monitoring and logging of CSP cloud instances is another key to ensuring public cloud security. Before you sign an SLA, compare the logging and monitoring practices of each CSP, perhaps revealing the nuances of the security measures provided by each CSP.
9, encryption
You can use your own encryption method without using the method provided by the CSP. Although the CSP encrypts the information and then sends it to the public Internet, it is stored in the common cloud, but the CSP also sends the encryption key. This may make the organization feel uneasy because the key may fall into the hands of a malicious molecule while it is being sent.
There are a number of installable products or SaaS vendors that can do this kind of encryption online. When this is done, the CSP is not known until the client and the Third-party vendor instruct the key.
10, the use of multiple, redundant CSP dispersed risk
It is a common practice to buy high bandwidth from multiple vendors to connect to data centers because businesses want to spread risk across multiple providers. If a CSP is down, other vendors will still be able to operate normally. At present, a number of cloud configuration tools have been integrated into the leading CSP services.
Enterprises can automatically start additional server instances of multiple CSPs on demand, and some sites such as Pinterest (afternoon and evening) and Netflix (weekend) can provide such instances during peak periods. Here, if the CPU usage reaches a threshold, the attached instance starts and the instance shuts down when the usage rate drops.
It is reasonable to use an instance of a different CSP in a circular manner when an additional instance is started. For example, the first instance uses AWS, the second uses Rackspace, and the third uses opsource ... Wait a minute. If this is the case, the AWS service interruption event of June 29 will not adversely affect the organization's application.
Weigh the security and performance of the public cloud
While security is the primary concern of many organizations in using the public cloud as an IaaS, there are many ways to address this problem effectively. The simplest approach is to migrate only the least sensitive applications and data to the public cloud.
If your organization decides to migrate mission-critical applications into the cloud, you need to add some security measures beyond the security measures provided by the CSP. However, there is always a trade-off in increasing the security layer of the public cloud because doing so may increase the point of failure or cause the application to run more slowly. Finding the right balance between security and performance can be difficult, but trying to achieve that balance is reassuring to the organization.