Over the past few months, we've identified a considerable amount of research by both vendors and independent researchers indicating that many companies in the enterprise and SMB spaces are looking at cloud computing to cover their IT needs. The research also shows, however, that security concerns are holding them back.
The advantages of cloud computing are considerable, principally access to software at a considerably cheaper rate than on-premise deployments.
Evolving Security
That said, many companies are on the move and using virtualized data centers as a stepping stone between the full adoption of cloud computing and private clouds.
According to Gartner, to achieve effective and safe private cloud computing deployments, security, as it exists in virtualized data centers, needs to evolve and become independent of the physical infrastructure that includes servers, Internet Protocol (IP) addresses, Media Access Control (MAC) addresses and a lot more.
However, it must not be bolted on as an afterthought once companies move from enterprise deployments to virtualized centers to private/public cloud.
While the basic components of security in information management remain the same — ensuring the confidentiality, integrity, authenticity, access and audit of information and workloads — a new, integrated approach to security will be required.
Security in the Cloud
So what is required for companies looking at the security of their private cloud deployments? Neil MacDonald, vice president at Gartner, explains that security must be an integral, but separately configurable part of the private cloud fabric, designed as a set of on-demand, elastic and programmable services. To achieve this, cloud security must display six different attributes:
1. On-Demand Elastic Services
Security needs to be delivered as a service rather than as a set of products siloed within physical appliances. Like other cloud services, it needs to be delivered ‘on demand’ to protect data and projects when and where protection is needed.
The services must be an integral part of private cloud management and be available to any type of workload, whether that workload is server or desktop based. Appropriate security services should also be applied to the workload as it moves across its lifecycle, with the protection matched to each lifecycle stage.
2. Programmable Infrastructure
The security services that are applied across the cloud must be open to being programmed. With programmable security infrastructure, the services should be accessible using RESTful APIs that are programming language and framework independent.
By making the services accessible through APIs, security policies become programmable from administration points, which will enable IT security professionals to focus on managing policies and not programming infrastructure.
3. Logical Security Policies
As security services are deployed in virtualized data centers and then private clouds, security policies need to be cut away from physical infrastructure and related to logical rather than physical attributes.
The desired result is that the move of entire IT stacks to private and public clouds should decouple workloads from specific devices. As static security policies associated with physical attributes are cut away, security assessments of what actions should be allowed or denied will become quicker. It will also be possible to incorporate real-time context at the time a security-based decision is made.