What is cloud security and integration

What is special about cloud security?

Cloud security is the protection of data, applications and infrastructures in the context of cloud computing. Many aspects of security for cloud environments (whether public, private or hybrid cloud) are identical to those of the local IT architecture.

The most important security gaps (such as unauthorized data disclosure and leaks, weak access controls, vulnerability to attacks and availability interruptions) affect both traditional IT and cloud systems. As with any other computing environment, cloud security is about providing effective preventative protection so that you:

  • can be sure that your data and systems are protected,
  • can monitor the current security status,
  • know immediately when something unusual happens,
  • and can monitor and react to unexpected events.

The main characteristics of cloud security

Many people know the benefits of cloud computing but are deterred by security threats. That is understandable. It's hard to imagine something that sits somewhere between amorphous resources on the internet and a physical server. We are dealing with a dynamic environment where things - like security threats - are constantly changing. Still, cloud security is largely identical to IT security. And once you understand the specific differences, you will no longer automatically associate the “cloud” with security risk.

The dissolution of the network edge

Security is primarily about access. In traditional environments, access control is usually enforced by a security system at the network edge. Cloud environments are highly interconnected, which makes it easier for data traffic to bypass traditional defensive measures. Insecure APIs (Application Programming Interfaces), weak identity and authorization management, account hijacking and malicious insiders can pose threats to the system and data. A data-centric approach is required to prevent unauthorized access to the cloud. Encrypt your data. Strengthen the authorization process. Make strong passwords and two-factor authentication mandatory. Integrate security at every level.

Software-Defined Everything

The term “cloud” refers to hosted resources that are made available to the user via software. Cloud computing infrastructures and all processed data are dynamic, scalable and portable. Cloud security controls must be adaptable to environmental variables and accompany workloads and data as they are stored and transferred, either as an inherent part of the workload (e.g. encryption) or dynamically via a cloud management system and APIs. In this way, cloud environments can be protected from system damage and data loss.

Sophisticated threat landscape

Sophisticated threats affect all of modern computing, and with it the cloud. Increasingly sophisticated malware and other attacks such as APTs (Advanced Persistent Threats) are designed to bypass network defenses via vulnerabilities in the computing stack. Data breaches can result in unauthorized disclosure of data and tampering with it. There is no one-size-fits-all solution to these threats. All you can do is implement the latest cloud security practices, which keep evolving with new threats.

Cloud security concerns us all

You are responsible for protecting your instance in the cloud - regardless of what type of cloud you are using. Just because you're using a dedicated vendor cloud doesn't mean you can or should sit back and relax. A lack of due diligence is one of the most common reasons for security breaches. Cloud security concerns everyone and that includes:

The components of your cloud play an important role. As with any other code that you download from an outside source, you need to know where the packages originally came from, who developed them, and whether they contain malicious code. Obtain software only from known and trustworthy sources and implement measures to ensure that updates are provided and installed in a timely manner.

Personal, financial and other sensitive data can be subject to strict compliance guidelines. Such regulations vary depending on where (and with whom) you do business. See, for example, the EU General Data Protection Regulation (GDPR). Review your compliance needs before choosing a cloud implementation.

Cloud-native environments let you spin up new instances in next to no time, but they also make it easy to forget the old ones. Neglected instances can become cloud zombies that are active but not monitored. In addition, these forgotten instances quickly become outdated and lack current security patches. This is where lifecycle management and governance guidelines can help.
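As an added illustration (not part of the original article), the sketch below applies that definition of a cloud zombie to an inventory export: it flags running instances that have stopped reporting to monitoring, and notes stale patches and missing ownership. The inventory records, field names and thresholds are constructed assumptions, not any provider's schema.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" so the result is reproducible

# Constructed inventory export; the field names are assumptions, not a provider schema.
INVENTORY = [
    {"id": "vm-web-01", "state": "running", "owner": "team-web",
     "last_heartbeat": "2024-05-31T23:50:00+00:00", "last_patched": "2024-05-20T00:00:00+00:00"},
    {"id": "vm-poc-17", "state": "running", "owner": None,
     "last_heartbeat": None, "last_patched": "2023-11-02T00:00:00+00:00"},
    {"id": "vm-batch-03", "state": "running", "owner": "team-data",
     "last_heartbeat": "2024-03-01T00:00:00+00:00", "last_patched": "2024-05-25T00:00:00+00:00"},
    {"id": "vm-old-09", "state": "stopped", "owner": None,
     "last_heartbeat": None, "last_patched": "2022-01-01T00:00:00+00:00"},
]

def _age(ts, now):
    """Age of an ISO-8601 timestamp, or None if the value is missing."""
    return None if ts is None else now - datetime.fromisoformat(ts)

def find_zombies(inventory, now, max_silence=timedelta(days=7),
                 max_patch_age=timedelta(days=30)):
    """Return {instance_id: [reasons]} for running instances that nobody is watching."""
    findings = {}
    for inst in inventory:
        if inst["state"] != "running":
            continue  # a stopped instance is a cleanup item, not an active one
        silence = _age(inst["last_heartbeat"], now)
        if silence is not None and silence <= max_silence:
            continue  # still reporting to monitoring: not a zombie
        reasons = ["never monitored" if silence is None
                   else f"no heartbeat for {silence.days} days"]
        patch_age = _age(inst["last_patched"], now)
        if patch_age is None or patch_age > max_patch_age:
            reasons.append("patches out of date")
        if not inst["owner"]:
            reasons.append("no owner tag")
        findings[inst["id"]] = reasons
    return findings

if __name__ == "__main__":
    for instance_id, reasons in find_zombies(INVENTORY, NOW).items():
        print(f"{instance_id}: {', '.join(reasons)}")
```
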

Is it easy to move your workloads to another cloud? Service-level agreements (SLAs) should clearly define when and how the cloud provider returns customer data or applications. Even if you are not planning a migration in the short term, you should still view this as a possible future scenario. Consider portability now in order to avoid long-term lock-in to a single provider.

By monitoring the resources in your work environment, you can either avoid security breaches altogether, or at least minimize their impact. A unified cloud management platform (like Red Hat CloudForms) can help you implement comprehensive monitoring of every resource in every environment.

Choose qualified and reliable employees and partners who understand the complexities of cloud security. Sometimes a public cloud provider's infrastructure can be more secure than a particular company's private cloud because the former has a better informed and equipped security team.

Are Public Clouds Safe?

OK. Let's take a closer look at this topic. We could now explain the security differences between the three cloud implementations (public, private and hybrid), but we know which question you are actually interested in: “Are public clouds safe?” Well, that depends.

Public clouds provide adequate security for many types of workloads, but they are not ideal for all. The main reason for this is that they are not as isolated as private clouds. Public clouds are multi-tenant, i.e. you and other “clients” (= tenants) rent computing services (or storage space) from the cloud provider. As such, you sign an SLA with the provider, a contract that documents who is responsible and liable for what. It's a bit like renting a property from a landlord. The landlord (cloud provider) promises to keep the building (cloud infrastructure) in good condition, manage the keys (access) and generally leave the tenant (client) alone (data protection). In return, the tenant (client) promises not to take any action (e.g. running insecure applications) that could affect the integrity of the building or other tenants. Unfortunately, as in real life, you cannot choose your neighbors and there is a chance that they will let the wrong people into the house. While the cloud provider's team responsible for infrastructure security concentrates on unexpected events, other clients (tenants) can still be harmed by clandestine or aggressive threats such as malicious DDoS attacks (Distributed Denial-of-Service).

Fortunately, there are some industry-recognized security standards, guidelines, and controls such as the Cloud Security Alliance's Cloud Controls Matrix. Or isolate yourself within a multi-tenant environment using additional security measures (such as encryption and DDoS risk mitigation strategies) that protect your workloads from a compromised infrastructure. And if that's not enough, you can use CASBs (Cloud Access Security Brokers) to monitor all activities and enforce security policies for low-risk company functions. However, this may still not be enough for industries with strict data protection, security and compliance requirements.

Mitigate risk with the hybrid cloud

Security decisions are primarily about risk tolerance and cost-benefit analysis. How do potential risks and benefits affect the overall health of your organization? Which aspects are important here? Not all workloads require the highest levels of encryption and security. You can think of it like this: You lock the door and gate to protect your belongings, but still keep your valuables separate in a safe. There are advantages to having multiple options.

And that's why companies are increasingly using hybrid clouds, which offer a combination of all the advantages of the available cloud options. A hybrid cloud is a combination of 2 or more connected public and/or private cloud environments.

With a hybrid cloud, you can decide where to place workloads and data based on guidelines, compliance, audit or security requirements. In this way, particularly sensitive workloads can be protected in a private cloud, while less critical workloads can remain in the public cloud. Even if the hybrid cloud presents some special security challenges (such as data migration, increased complexity and a larger attack surface), the existence of several environments alone ensures better protection against security risks.
