PUBLIC, PRIVATE & HYBRID CLOUD SECURITY TIPS Blog #2 of a multi-part series on Security in the Cloud, by Rick Vincent – Director of Sales Operations at cloud provider, Peak (getcloud@poweredbypeak.com) May 21, 2014

In part 1 of my cloud security blog I discussed how cloud services have forced a shift in security budgets. Originally security budgets went to protecting the perimeter of an enterprise. Now cloud requires security measures be woven into every functional area of the company—from each business unit’s infrastructure and line of business applications to externally sourced SaaS service agreements and identity management systems.

In this entry, I will provide public, private and hybrid cloud security tips. Cloud computing can be divided into two general camps: public, in which the network, compute, and storage are multi-tenanted with little or no SLA on availability; and private, in which resources are dedicated, architected for high availability, and backed with SLA guarantees. When it comes to flexibility and economy, both types of cloud deliver with ease. When it comes to security, however, private clouds can offer significant advantages over public.

PUBLIC

The public cloud can be a hostile environment. You will have limited or no visibility into the underlying infrastructure and security controls. Nor will you have control over who’s sharing your resources and the risks they could potentially introduce into the host system or data stores. Therefore, public clouds require a holistic approach to security: every component of the infrastructure must be secure and auditable in order to support business-critical computing and compliance.

Tips when considering public cloud:

  • Ask about network QoS and DDoS mitigation. Your public cloud provider probably doesn’t manage this for you.
  • Be wary of noisy neighbor syndrome. Does your provider offer performance guarantees?
  • Ensure adequate data security and firewalling of your environment.
  • Ensure adequate authentication and security controls.

Fortunately, tools are being developed to give IT administrators back some level of control over data in public clouds. Citrix, NetApp, and VMware each offer forms of cloud-level data management. Citrix ShareFile, for example, provides a hybrid approach to public clouds. Data can live wherever it’s needed but is always under the control of the ShareFile control plane. Data can’t be shared without permission, and data that’s managed remotely can be wiped clean no matter what device it’s on.

PRIVATE

A private cloud is a virtualized datacenter within the cloud. Think of it as relocating your data center to an offsite location: you have dedicated compute, network, and storage resources that you manage as your own, just like you did on-premises. In this way, you can leverage the economics of the cloud without reworking business processes and applications to accommodate the rigorous security demands of public clouds. In the case of Peak®’s private hosted cloud, you can ‘come as you are’ and bring your own security (BYOS) or network (BYON), thanks in part to our Cloud’s Peak-to-Peak Layer 2 Direct Connect service. Private clouds are especially advantageous to shops with tight regulatory requirements or limited resources.

Tips when considering private cloud:

  • Make sure your cloud provider lets you ‘bring your own’ security capabilities.
  • Don’t settle for your provider’s options; use yours. You’ve tested it. You use it. You trust it.
  • Ask your provider about their private networking and VLAN capabilities. Ideally you want Layer 2 connections to/from your customer premises, data centers, and from cloud to cloud. With Layer 2 you maintain network isolation and reduce complexity. At Peak, for example, customers can bring their network to our Cloud as-is. We eliminate the need to provision and manage complex firewalls, routers, and Spanning Tree Protocol (STP).

HYBRID

In some cases, the best methodology will command the resources of both private and public clouds. This hybrid approach supports the shift from traditional, single-system to multi-tiered application deployment. It also increases the available resources for test and development, business continuity, and managing resource demand spikes. To support data privacy and prevent leaks, all data moving between private and public clouds must be encrypted, and access to it must be tied to user identities.

Tips when considering hybrid cloud:

  • Ensure your cloud provider offers flexible usage of their storage and compute resources. In other words, if all you need is storage, does your cloud provider allow you to just buy storage?
  • Determine whether your cloud provider gives you the ability to leverage existing tools, such as VMware APIs.
  • Make sure your cloud provider allows you to provision and leverage your existing VLAN topology. With Layer 2 private connectivity, you can use the same connection to access both public and private resources while maintaining network separation between public and private environments.

Want to read more about cloud? Check out our blog series on the Economics of the Cloud: The Economics of the Cloud Buyer Beware