How do you plan to implement a cloud computing network?

Source: Internet
Author: User
Keywords: cloud computing security

Cloud computing represents a huge change in business functionality, especially for an organization's IT infrastructure. No one feels the impact of this change more than network managers, because their task is to ensure the security of the organization's data and network users.

While sharing data, applications, and IT infrastructure can bring significant cost and productivity benefits, that sharing takes place outside the comfort zone of the enterprise firewall and physical environment. As a network manager, your task in the move to cloud computing is to ensure that users and data remain secure after data, applications, and infrastructure are transferred to the cloud. While cloud service providers share responsibility for enterprise data security, the network manager, as the ultimate guardian of corporate security, remains responsible. In this article, we discuss how to prepare a corporate network for the security issues that arise when infrastructure extends into the cloud.

Before moving any data or application to the cloud, evaluate the security posture of the internal network. This is a good time to test your network to see how well its protections match your data strategy (including security, integrity, and availability), regulatory requirements, and industry best practices.

This kind of testing brings a lot of benefits. Running one or more free or commercial network scanning tools will almost certainly show that the situation is worse than ideal. Once the findings have been addressed with better security technology and improved procedures, it is possible to establish a reasonable security baseline for the network, the devices, users and applications it hosts, and the traffic it handles. This baseline can be referenced in future scans and security configuration checks to determine how network security is affected by the move to cloud computing.

Second, it is important to understand the security policies and procedures of the cloud service provider. The key is to find a security level that meets both the security requirements of the enterprise and the defensive capability of its firewall. To avoid confusion over who is responsible for each aspect of your data security, such as backup, access, and data corruption, I will make it clear in the contract which party is responsible for complying with the policies or standards.

Depending on how the cloud service is delivered, the firewall settings may need to be adjusted. To ensure that perimeter protection measures, such as the IPS, have been properly tuned, work closely with the vendor, because the vendor is certainly experienced in dealing with the various network security configuration issues that can arise. If it is necessary to modify firewall rules or open additional ports, follow each of these changes with a second network scan and update the network security baseline accordingly. You can use tools such as nmap to check that only the appropriate ports are open and that no authorization or connection violates the security policy.
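The re-scan after a firewall change can be compared with the baseline automatically. The following is an added example, not part of the original article: it parses nmap's grepable output (`-oG`) and reports ports that are open but not approved, and approved ports that are no longer open. The scan text, the addresses and the `BASELINE` table are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable output (as written by `nmap -oG`);
# addresses come from the documentation range 192.0.2.0/24.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3306/open/tcp//mysql///
Host: 192.0.2.20 ()\tStatus: Up
Host: 192.0.2.20 ()\tPorts: 443/open/tcp//https///, 8080/closed/tcp//http-proxy///
"""

# Hypothetical approved baseline: host -> set of (port, protocol) allowed open.
BASELINE = {
    "192.0.2.10": {(22, "tcp"), (443, "tcp")},
    "192.0.2.20": {(443, "tcp"), (8443, "tcp")},
}

def parse_grepable(text):
    """Return {host: set of (port, proto)} for ports reported as open."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port data
        host, ports_field = m.groups()
        ports_field = ports_field.split("\t")[0]  # drop any trailing tab-separated fields
        open_ports = found.setdefault(host, set())
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")  # port/state/protocol/owner/service/...
            if len(parts) >= 3 and parts[1] == "open":
                open_ports.add((int(parts[0]), parts[2]))
    return found

def diff_against_baseline(scan, baseline):
    """Return (unexpected, missing): open-but-unapproved and approved-but-not-open."""
    unexpected, missing = [], []
    for host in sorted(set(scan) | set(baseline)):
        seen = scan.get(host, set())
        allowed = baseline.get(host, set())
        unexpected += [(host, p, proto) for p, proto in sorted(seen - allowed)]
        missing += [(host, p, proto) for p, proto in sorted(allowed - seen)]
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = diff_against_baseline(parse_grepable(SAMPLE_SCAN), BASELINE)
    print("open but not in baseline:", unexpected)
    print("in baseline but not open:", missing)
```

An unexpected entry is a policy violation to investigate; a missing entry means either the service is down or the baseline needs updating after an approved change.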

Whenever a new service is added to the network, you must ensure that access rights and responsibilities are fully segregated so that no individual is in a position to damage company data. Review account privileges against human resources employment records to confirm that the privileges are still appropriate and that accounts no longer in use have been terminated. As part of the move to cloud computing, any network access control (NAC) system configuration needs to be checked again if you open up network access to third parties, such as suppliers and customers. Make sure that the current NAC product can cope with a sharp increase in users. In fact, many organizations are still looking for SaaS-based NAC solutions to ensure scalability and interoperability.

Because cloud computing can to some extent erase the distinction between data at rest and data in motion, data encryption becomes one of the most important protection methods. In essence, encrypted data is protected data, so all data and traffic need to be encrypted even if they are also protected by other services. In addition, encrypted data is unreadable, which eases some of the worries about cloud data corruption. Data encryption also allows separation of duties and data, because the key controls access to the data. I might use analysis software such as Wireshark to check the network regularly to ensure that the communication channel is being encrypted.
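The periodic encryption check can also be scripted over payloads exported from a capture. The following is an added example, not part of the original article: a heuristic that looks at the first bytes of each flow and flags anything that does not begin with a TLS record header. The flow names and payload bytes are constructed, and the classifier only recognizes TLS, not other encrypted protocols.

```python
import string

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}
PRINTABLE = set(string.printable.encode())

# Constructed first payload bytes of four flows (names are hypothetical labels).
FLOWS = {
    "app->203.0.113.7:443": bytes.fromhex("16030100c8010000c40303"),
    "backup->203.0.113.7:80": b"POST /upload HTTP/1.1\r\nHost: storage.example\r\n",
    "sync->203.0.113.9:8443": bytes.fromhex("170303002a") + bytes(42),
    "agent->203.0.113.9:9000": b"\x01\x02\xff\xfe\x00\x10\x80\x90",
}

def classify_payload(data: bytes) -> str:
    """Heuristically label the first bytes of a flow: 'tls', 'cleartext' or 'unknown'."""
    if len(data) >= 5:
        ctype, major, minor = data[0], data[1], data[2]
        length = int.from_bytes(data[3:5], "big")
        # Record header: type (1 byte), version (2 bytes, 3.x), length (2 bytes)
        if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4 and 0 < length <= 18432:
            return "tls"
    # Mostly printable bytes suggest a text protocol sent in the clear.
    if data and sum(b in PRINTABLE for b in data) / len(data) > 0.9:
        return "cleartext"
    return "unknown"

def unencrypted_flows(flows):
    """Return the names of flows that do not start with a TLS record, sorted."""
    return sorted(name for name, data in flows.items() if classify_payload(data) != "tls")

if __name__ == "__main__":
    for name in unencrypted_flows(FLOWS):
        print(f"{name}: {classify_payload(FLOWS[name])}")
```

Flows labelled `unknown` are not proven unencrypted; they are the ones to open in Wireshark and inspect by hand.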

Finally, don't be afraid to test your network by first developing an internal cloud and hybrid cloud as an experiment. You can provide application services in the same way as cloud computing providers do, either entirely within the network perimeter or with limited, non-critical functionality, to test the strength of the cloud's suppliers. I also recommend that you read the guidelines published by the Cloud Security Alliance, which will help you understand the main areas of concern of cloud computing organizations.

However, building a network for cloud computing is only the first step. To make the cloud truly successful, you need to make sure that your security baseline still holds once you start running cloud services. You also need to adapt and develop defensive and security technologies in order to deal with new threats. In the next article, we will focus on these challenges.

Original source: "Bit net". When reprinting, please keep the original link: http://sec.chinabyte.com/144/12153144.shtml

(Responsible editor: Liu Fen)
