If you tap into the chatter on Cloud Computing, you will hear lots of
concerns about security issues, regulatory issues, etc. Even though some of
the negative chatter is totally overblown, one cannot reject these security
concerns, especially in the case of enterprises. Of late, we are seeing
tremendous progress on the security front, but there is still a long way to go
before enterprise customers are convinced. Government adoption of Cloud Computing helps in this regard but
technological solutions go a long way in convincing enterprises.
In October last year, I talked about VPN-Cubed, a neat perimeter kind of security by
CohesiveFT.
Today’s release of VPN-Cubed
will offer a security perimeter covering the IT assets deployed in any kind of
ecosystem (cloud or managed). One of the biggest worries for enterprise
customers is the need to cede control of the security of their data to the cloud
provider. With this solution, the company can retain control of security
even inside the cloud. VPN-Cubed uses the popular Open Source VPN software,
OpenVPN, to act as an encrypted LAN inside a single cloud or as an encrypted WAN
across multiple clouds. This allows the cloud based clusters or the hybrid
cloud-enterprise datacenter ecosystem to appear as a single physical network
similar to Enterprise 1.0 infrastructure.
Their approach simulated a network similar to traditional datacenters and
enterprise infrastructure facilities. In this post, I am going to briefly
discuss another Cloud Computing Security vendor called Third Brigade. Third
Brigade takes an altogether different approach. They believe in tackling
security at the virtual machine level. Their product, called Third Brigade VM
Protection, is free for companies with up to 100 virtual machines. It is
available for Microsoft Windows Server 2003, Microsoft Windows Server 2008 and
RedHat Enterprise Linux 5.0 platforms.
In the traditional datacenter world, the servers are protected using
perimeter-level security such as a firewall, along with the usual security
tools like IDS, IPS, etc. With the use of public clouds, the idea of a perimeter, as we know it from
the previous era, vanishes because the third-party cloud infrastructure
providers use multi-tenancy to offer cost savings. Multi-tenancy brings in risks
like attacks from other virtual machines on the same physical hardware, either
by a rogue admin of other virtual machine(s) on the hardware or through remote
exploitation of scripts present in the other virtual machine(s) on the same
hardware. This makes traditional perimeter-based security totally meaningless.
Even though the cloud infrastructure provider may secure the physical server,
they wash their hands of the security, patch management, log monitoring,
etc. associated with the virtual servers. This puts the burden of security on
the Cloud users and calls for a new approach to Cloud Security.
Third Brigade considers implementing security at the virtual machine level as
the correct approach to Cloud Security and offers an easy solution that secures
each and every virtual machine without the associated labor-intensive tasks.
They make VM security deployment easy from a centralized location. Their
security product consists of the following essential components.
- A powerful bidirectional Firewall with a centralized facility to manage the
firewall policies and templates
- An IDS that could offer protection against exploits and zero day attacks
minimizing risks associated with any delayed deployment of vendor patches
- Data integrity monitoring for compliance and regulatory purposes
- Log inspection for security related admin purposes
The other advantages of the Third Brigade VM Protection product, apart from
offering Cloud Security, are seamless deployment across multiple virtual
machines and easy mobility of virtual machines. A virtual appliance set up and
secured using Third Brigade’s product can be easily moved to another physical
server or even an altogether different datacenter. In addition to these
advantages, Third Brigade VM Protection can be easily deployed even if the
virtual machines are spread across different datacenters.
Cloud Security is getting better and better. Soon, we will be talking
about security as a benefit of Cloud Computing along with the usual suspects like
cost, scalability, redundancy, etc. It is time for enterprises to map out their
Cloud Strategy to avoid being a loser in this dull economy and competitive
marketplace.