Layered security in the cloud

Grazed from NetSecurity.org. Author: Ran Rothschild.

When designing your cloud architecture you may notice several differences between the cloud-computing environment and the “old world” of physical infrastructure. Two of the main differences are elasticity and dynamism, which are part of the cloud’s DNA. The fact that security-related components can be easily tested, evaluated and deployed allow many companies – both existing and newly established start-ups – to launch their solutions also or solely in the public cloud. Moreover, I argue that by combining the tools supplied by a cloud provider with external third party solutions, higher levels of security – not to mention peace of mind – are achieved.

Best-of-breed

By thoroughly evaluating your architecture, you can highlight the main areas of concern that are derived from either a business need or regulatory requirement, so that you can find the optimal security solution to fit that specific need. The optimal solution is a very personal matter as each company has their own unique sets of requirements, financial capabilities and technical expertise…

An example for this can be Amazon’s EC2 Security Group. No one can argue that the personalized per component firewall is not a good solution. However, there are better ones that work just as good on AWS’s platform whilst giving improved functionality – for example, Dome9. Not only do these guys do what AWS does, but they have taken it a step further. They actively scan your security groups’ ports and email you alerts (configured easily via SNS) if any changes are made…

Read more from the source @ http://cloudcomputing.sys-con.com/node/3129827