Four real cases that bring you up close to cloud security


Even with a basic understanding of cloud security, specific examples make it easier to learn more. Here are four concerns that most users worry about and how they were addressed.

Cloud Mode: SaaS

Security concerns: Single sign-on

When Lincoln Cannon was hired 10 months ago as head of network systems at a medical device company with 1500 employees, he wanted to help the sales department switch to Google Apps and the SaaS-based training application eLeaP, reducing development costs and increasing productivity.

However, some concerns needed to be addressed. Marketers do not want users to log on more than once, while the IT department wants to retain control over access, especially when new employees join and when the accounts of departing employees are terminated.

Cannon uses Symplified single sign-on because it can connect to Active Directory and verify the credentials of users attempting to log on to the cloud applications. Google Apps uses APIs to authenticate users against the single sign-on vendor. eLeaP, however, also requires an authentication adapter.

Cannon regards it as a security measure, because to get to eLeaP training cases or Google Apps, you need to be authenticated by the single sign-on vendor. It also synchronizes with Active Directory. We define the accounts that are authorized to access these SaaS applications through Symplified, and when we close some AD accounts, it blocks the closed accounts in due course to prevent those accounts from accessing the SaaS application.

The Symplified system can operate in SaaS mode, but the device company chose to deploy a router hosted by Symplified behind its firewall. This is because the IT department does not want to manage user accounts and passwords in the cloud. All of these accounts and passwords stay behind the firewall.
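The account synchronization described above can be checked independently of the single sign-on product. The following is an added example, not code from the original article or from Symplified: it compares a directory export with the list of SaaS grants and reports grants that Active Directory no longer backs, including sign-ins that happened after the account was disabled. All account names, application names and timestamps are constructed; the only real constant is the `ACCOUNTDISABLE` bit of `userAccountControl`.

```python
from datetime import datetime

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on a disabled AD account

# Constructed AD export: logon name -> (userAccountControl, time disabled or None)
AD_ACCOUNTS = {
    "jsmith": (0x0200, None),                         # normal account, enabled
    "mlee":   (0x0202, datetime(2024, 3, 1, 17, 0)),  # normal account, disabled
    "akhan":  (0x10200, None),                        # enabled, password never expires
}

# Constructed SSO records: (app, login, last successful sign-in)
SAAS_GRANTS = [
    ("google-apps", "JSmith", datetime(2024, 3, 4, 9, 12)),
    ("google-apps", "mlee", datetime(2024, 2, 28, 8, 30)),
    ("eleap", "mlee", datetime(2024, 3, 2, 10, 5)),
    ("eleap", "contractor7", datetime(2024, 3, 3, 14, 0)),
]

def audit_grants(ad_accounts, grants):
    """Return (app, login, finding) for every grant the directory no longer backs."""
    directory = {name.lower(): rec for name, rec in ad_accounts.items()}
    findings = []
    for app, login, last_signin in grants:
        rec = directory.get(login.lower())  # AD logon names are case-insensitive
        if rec is None:
            findings.append((app, login, "no AD account"))
            continue
        uac, disabled_at = rec
        if not uac & ACCOUNTDISABLE:
            continue  # enabled account, grant is legitimate
        if disabled_at is not None and last_signin > disabled_at:
            # The SaaS side was used after the directory said no: a sync gap.
            findings.append((app, login, "signed in after AD disable"))
        else:
            findings.append((app, login, "grant still present for disabled account"))
    return sorted(findings)

if __name__ == "__main__":
    for app, login, finding in audit_grants(AD_ACCOUNTS, SAAS_GRANTS):
        print(f"{app:12} {login:12} {finding}")
```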


Cloud Mode: IaaS

Security concerns: Data encryption

At Flushing Bank in New York, CIO Allen Brewer wanted to move data backup into the cloud. After choosing Zecurion's Zerver, Flushing Bank is now backing up files over the Internet. The first thing the bank needed to consider was data encryption and finding a service provider that adapts to the bank's existing encryption laws. Some companies have since provided encryption, and they have relied on themselves, says Brewer. The data sent and saved by the bank is encrypted at the vendor.

Some cloud-based backup storage vendors install an appliance on the client side to accommodate encryption, but Flushing is not interested in such an installation. Brewer chose Zecurion because he knew the location of the data center where the information was stored. He says he knows where the company's three data centers are, rather than sending the data to the cloud and not knowing where it is.


Cloud Mode: Private Cloud

Security Concerns: Virtualization

When Matt Reidy, SnagAJob.com's IT operations director, embarked on the company's three-year technical update, his goal was to upgrade the company's existing 75% virtual environment to a 100% virtual, private, secure cloud, with Dell blade servers running VMware and vSphere at its core.

Reidy says that SnagAJob, as a fast-growing site with development potential, requires the flexibility of operating in a cloud mode. Prior to the technology update, SnagAJob had a multi-tier architecture in which the web, application, and data tiers were physically isolated. Reidy can now remove the earlier physical firewalls and deploy a virtual firewall from Altor Networks to achieve full virtualization. In the future, physical firewalls will exist only at the perimeter, outside the intrusion detection and prevention devices.

Reidy also explains that before vSphere version 4, users could run a firewall appliance as a virtual machine, but performance was limited because network traffic had to pass through that virtual machine. vSphere now has an API called VMsafe that allows firewall vendors such as Altor and Check Point to move traffic inspection into the VMware kernel.

Reidy says that the new version improves product performance, stability, and security. With the Altor virtual firewall, his team can now observe the traffic passing between virtual machines, including protocol and data size. This is a challenge in the virtual cloud domain because traditional products do not provide this visibility. And now we can get more security because we can see the data transfer and write the rules based on this observation. Other products with this visibility feature include Cisco's NetFlow and Juniper Networks' J-Flow, as well as an open standard called sFlow.
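Writing rules from observed inter-VM traffic, as described above, can be sketched as follows. This is an added example, not code from the original article or from any of the products named: it aggregates flow records by tier and separates traffic that fits the web, application and data tier design from traffic that needs review. The VM names, the expected tier pairs, the rule text format and the flow records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed VM inventory: VM name -> tier (the web, application and data tiers)
TIER = {"web-01": "web", "web-02": "web", "app-01": "app", "db-01": "data"}

# Tier pairs a three-tier design expects to talk (assumption for this example)
EXPECTED = {("web", "app"), ("app", "data")}

# Constructed flow records, as a virtual firewall or flow collector might
# export them: (src VM, dst VM, protocol, dst port, bytes)
FLOWS = [
    ("web-01", "app-01", "tcp", 8080, 120_000),
    ("web-02", "app-01", "tcp", 8080, 95_000),
    ("app-01", "db-01", "tcp", 3306, 400_000),
    ("web-02", "db-01", "tcp", 3306, 2_500),    # skips the application tier
    ("web-01", "web-02", "tcp", 22, 800),       # lateral traffic inside a tier
    ("app-01", "unknown-vm", "udp", 53, 300),   # destination not in inventory
]

def summarize(flows, tier):
    """Aggregate per (src tier, dst tier, proto, port): (flow count, bytes)."""
    agg = defaultdict(lambda: [0, 0])
    for src, dst, proto, port, nbytes in flows:
        key = (tier.get(src, "unclassified"), tier.get(dst, "unclassified"),
               proto, port)
        agg[key][0] += 1
        agg[key][1] += nbytes
    return {k: tuple(v) for k, v in agg.items()}

def propose_rules(flows, tier, expected):
    """Split observed traffic into candidate allow rules and flows to review."""
    allow, review = [], []
    for key, (count, nbytes) in sorted(summarize(flows, tier).items()):
        src_t, dst_t, proto, port = key
        if (src_t, dst_t) in expected:
            allow.append(f"allow {src_t} -> {dst_t} {proto}/{port}")
        else:
            # Not part of the intended design: a person decides, not the script.
            review.append((src_t, dst_t, proto, port, count, nbytes))
    return allow, review

if __name__ == "__main__":
    allow, review = propose_rules(FLOWS, TIER, EXPECTED)
    print("\n".join(allow))
    for item in review:
        print("review:", item)
```

Anything left in the review list is either a rule that is missing from the design or traffic that should not exist; a default-deny rule after the allow list turns the second kind into firewall log entries.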


Cloud Mode: PaaS

Security concerns: Virtualization, business continuity, auditing

In the new company, Kavis chose to let Amazon host the company's entire architecture. Prior to that, he consulted with security experts to clarify the requirements for deploying virtual machines. Kavis then created a virtual image that applies those controls, and created a Shing program that can be replicated at any time to install a new virtual machine on demand.

Kavis said: "Amazon provides virtual image software, but its security is not enough. If you use PaaS, that's the only problem that needs to be addressed, but if you use IaaS, I can set security performance to the level I want, and it will be more flexible on the operation."

Kavis also needs to perform all the functions that a system administrator would perform, such as opening and closing ports, writing configuration, and locking down the database. He uses the LAMP stack provided by Amazon. Kavis is very satisfied with the perimeter security provided by Amazon and believes that its products have reached a level that many companies cannot match.

To ensure business continuity, Kavis copies all data to more than two additional environments. Kavis's business will be paralyzed only if Amazon's multiple geographies are all paralyzed. Amazon has a high degree of reliability in each of these geographies, so the likelihood of all operations being paralyzed at the same time is slim.

Another issue that Kavis has to address is auditing. Since the rules do not yet reflect cloud computing, they call for access to the physical box, which the user cannot get in the public cloud. For data that must conform to the rules, Kavis plans to use a virtual private cloud. The supplier will say: "Your server is locked, and if you need to audit, you can bring the auditor to check." "We will complete the audit with this, but all operations will be done on the public cloud. Even if users need to include specific types of data in place, they need to unload the process into the public cloud from a scale and cost standpoint."
