Will your cloud weather the coming storm?
Cloud computing has been compared to the early proliferation of electricity. Homes, businesses and towns did not want to produce or rely on their own source of power. They began connecting into a greater power grid, supported and controlled by power utilities. Along with this utility connection came time and cost savings, in addition to greater access to, and more reliable availability of, power. Similarly, cloud computing can be beneficial for both service providers and enterprises. Through it, enterprises can achieve significant benefits such as flexibility through outsourcing of software and hardware, greater efficiency in IT spending, and more choices for computing resources.
NEW SECURITY RISKS
Virtualization is a key building block and enabler of cloud computing. This is because virtualization technology eliminates the old “one server, one application” model and enables multiple virtual machines to be run on each physical machine. This enables corporate datacenters and cloud service providers to improve the efficiency and availability of their IT resources and applications, which leads to the benefits of cloud computing. However, virtualization introduces new and powerful security risks to cloud computing that cannot be addressed by traditional security solutions alone.
Cloud computing introduces these new security risks:
• Inter-VM (virtual machine) attacks – traditional network security devices have no visibility into inter-VM attacks
• Resource contention – anti-virus scanning and signature file updates on each VM can put excessive load on the host
• Instant-on gaps – Dormant VMs may not be kept up-to-date
• Complexity of management – proliferation of VMs leads to increased complexity in consistent security policy enforcement
• Vulnerability exploits – attacks on system and application vulnerabilities that are unprotected as IT support is unable to keep up with the patches for different types of operating systems, applications and virtual machines
A new security paradigm for the cloud
Security needs to be changed to support cloud computing. The old methods of traditional security are not good enough to thwart new forms of threats in the cloud. The key solution to this problem is: the host server or endpoint must protect itself. Adapting your security perimeter and applying security mechanisms as close to the virtual machine as possible will deliver optimal protection while maintaining the performance and flexibility of your virtualised servers. This VM-centric focus allows customers to achieve security without significant impact to their cloud infrastructure. Applying comprehensive security mechanisms at the VM enables virtual machines to become self-defending against the increasingly sophisticated attacks launched by professional hackers. Trend Micro provides an agentless approach that integrates at the hypervisor level, which can ensure all virtual machines are protected. Customers can access their applications whether they are located in the datacenter or in the public cloud. With hosts able to defend themselves, all corporate servers are protected, whether in the private, hybrid or public cloud.
Additionally, cloud encryption technology, available from Trend Micro, will enable your data to be moved around the cloud safely and confidentially. The encryption keys are unique and controlled by customers themselves so that data is secure even in a multi-tenant cloud environment.
Here are some best practices and recommendations for virtualization and cloud security:
• A virtualization-aware solution and approach that offloads security functions to a virtual appliance will prevent resource contention and excessive load on the host servers
• An agentless approach to improve VM performance and reduce management complexity
• A security solution that integrates with the hypervisor (e.g. VMware vSphere) for inspection of inter-VM traffic and file activity within each VM
• Eliminate the need for scanning of clean baseline images to increase efficiency of host
• Improve virtualization ratio to maximize cost saving benefits
• Use virtual patching to protect system vulnerabilities before patches are available or applied
Enterprises that are seeking help to support their cloud security initiatives should also ask their vendors these key questions:
• As virtualization is a key enabler of cloud computing, does the security solution support the latest security APIs from virtualization platform vendors such as VMware?
• Do they have solutions that manage and protect tablets, smartphones, and other consumer devices in the corporate environment?
• What is the vendor’s cloud-client architecture? How do they leverage cloud computing to deliver more effective protection against new threats such as virtualization attacks and Advanced Persistent Threats (APTs)?
The transition to virtualization and cloud computing will create security lapses and vulnerabilities, and it requires customers to work closely with a security partner to provide effective security during all stages in the transition. This vendor should offer a strong track record of host-based security and present a thoroughly considered vision of the future.