Addressing Cost-Effective Security in Cloud Computing Environments

Recently, I presented at a few conferences in Malaysia and Singapore on securing data center and cloud computing environments. Although cloud computing has been a very popular topic lately, TippingPoint has been securing cloud deployments for a number of years. Specifically, we have a number of customers worldwide that leverage our solutions to protect enterprise and Web applications (off-the-shelf and custom) from emerging threats.

There are a number of issues related to securing public/private cloud deployments. Some are obvious and some are not so obvious. The common perception is that the biggest security issue is inter-virtual machine (VM) communications. But when I talk to customers and partners, this is a much lower priority because their environments (operating systems and applications) are for the most part trusted and partitioned. Recently, a bigger issue has emerged in securing the cloud: implementing a cost-effective disaster recovery architecture. The challenge is replicating a large physical infrastructure in multiple locations in a cost-effective manner. Doing so requires a higher capital investment up front for resources that may or may not be used on a regular basis.

In order to address this challenge, I believe a new approach will emerge over the next couple of years to secure both public and private clouds. The solution will be a hybrid approach to security in the data center where security policy is applied to both physical and virtualized enforcement points based on overall capacity and utilization of resources. The security policy will also follow applications as they move inside the environment or if they are shunted to a different physical location. This should largely mitigate diminished application and operating system performance by inspecting content at very high speeds using virtualized enforcement only. In addition, this approach will address the budgetary issues of replicating main sites for disaster recovery.

Many challenges to public cloud security remain. These include compliance and upholding deterministic performance in the face of denial-of-service attacks, among others. But unless customers and partners are able to cost-effectively secure a redundant virtual environment, the cost of replicating the physical security may be too high for some…

James Collinge, Senior Director of Security Product Strategy, TippingPoint