How do you plan to implement a cloud computing network?

Source: Internet
Author: User
Keywords Ensuring cloud computing implementing cloud computing
While sharing data, applications, and it infrastructures can bring significant cost and productivity benefits, they only occur outside the ideal area of the enterprise firewall and physical environment. As a network manager, your task in the cloud computing process is to ensure that users and data are secure after transferring data, applications, and infrastructure to the cloud. While cloud service providers need to share a common responsibility for enterprise data security, the ultimate Corporate Security supporter, the network manager, is responsible.


  


the internal network security situation must be evaluated before any data or applications are moved to the cloud. This is a good time to test your network to see how well the network protection performance matches your data strategy (including security, integrity, and availability), regulatory requirements, and industry best standards.


  


the benefits of this kind of testing are many. Using one or more free commercial network detection tools will surely find the situation worse than the ideal. Once these are perfected by better security technology and improved procedures, it is possible to establish a reasonable security baseline for the network and other devices that it hosts, users and applications, and the traffic it handles. This bottom line can be referenced in future detection and security configuration checks to determine how network security will be affected by the transfer to cloud computing.


  


Second, this also shows that it is important to understand the security policies and procedures of the cloud service provider. The key is to find a security level that meets both the security requirements of the enterprise and the firewall's ability to defend itself. To avoid confusing who will be responsible for all aspects of your data security, such as backup, access, and data corruption, I will make it clear under the contract which party is responsible for complying with the policies or standards.


  


depending on how the cloud service is transmitted, the firewall settings may need to be adjusted. To ensure that measures including perimeter protection, such as the IPs system, have been properly adjusted, work closely with the vendor because the vendor is certainly experienced in dealing with various possible network security configuration issues. If necessary, modify the firewall rules or open other ports, you must make sure that each of these changes have a second network detection, thereby updating the network security bottom line. You can use tools such as nmap to check to make sure that only the appropriate ports are open and that no authorization or connection violates the security policy.


  


Whenever a new service is added to the network, you must ensure that access rights and responsibilities are fully segregated to prevent individuals from potentially damaging company data. It would be necessary to review the authority of the account and the employment registration of human resources, which would ensure that the authority was still appropriate and that accounts that were no longer in use were terminated. As part of cloud computing, any network access control (NAC) system configuration needs to be checked again if you open up network access to third parties, such as suppliers and customers. Make sure that the current NAC product can cope with a sharp increase in users. In fact, many organizations are still looking for SaaS-based NAC solutions to ensure scalability and interoperability.


  


because the application of cloud computing can eliminate the difference between static data and dynamic data to some extent, data encryption becomes one of the most important protection methods. In essence, encrypted data is protected, so all data and traffic will need to be encrypted even if it is protected by other services. In addition, encrypted data is unreadable, easing some of the worries about cloud data corruption. Data encryption also allows separation of tasks and data because the key controls access to the data. I might use analysis software such as Wireshark to check the network regularly to ensure that the communication channel is being encrypted.


  


Finally, don't be afraid to test the security of your network for the first time you develop an internal cloud and a hybrid cloud. You can provide application services in the same way as cloud computing providers, and this can be done only within the perimeter of the network, or with limited, non-critical functionality to test the strength of the cloud's suppliers. Read the guidelines released by the Cloud Security Alliance, which will help you understand the main areas of concern of cloud computing organizations.


  


However, building a network for cloud computing is only the first step. To make the cloud truly successful, you need to make sure that when you start running cloud services, your security bottom line can still be implemented. You also need to adapt and develop defensive and security technologies in order to deal with new threats.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.