Most people have a rough picture of what cloud security involves, but concrete cases make it easier to see what the actual risks are and how they are addressed. The following four examples cover the problems that worry users most and describe how each was solved.
Cloud Model: SaaS
Security Concerns: Single Sign-On
When Lincoln Cannon was hired 10 months ago as head of network systems at a 1,500-employee medical device company, he wanted to help the sales department move to Google Apps and to eLeap, a SaaS-based training application, in order to reduce development costs and increase productivity.
Some concerns had to be addressed first. Marketers did not want users to juggle multiple logins, and the IT department wanted to keep control of the accounts by retaining the ability to grant and revoke access, especially as new employees arrive and others leave.
Cannon chose Symplified's single sign-on because it queries Active Directory to verify the credentials of users trying to log into a cloud application. Google Apps can offload user authentication to a single sign-on provider through its APIs; eLeap, however, also required an authentication adapter.
Cannon compares it to a gate: to reach eLeap training content or the Google applications, a user first has to be verified by the single sign-on provider, which is also synchronized with Active Directory. "We define the accounts authorized to access these SaaS applications through Symplified, and when we want to close some AD accounts, it blocks the closed accounts promptly so they can no longer reach the SaaS applications."
The Symplified system can itself be run as a SaaS service, but the device company opted to deploy a Symplified-managed router on premises, because the IT department does not want to manage user accounts and passwords in the cloud. All handling of accounts and passwords stays behind the firewall.
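The access pattern described above, as an added illustration that is not Symplified's or the device company's code: a directory that stands in for Active Directory (constructed, in memory), an SSO service that checks credentials against it and mints a short-lived signed assertion, and two SaaS applications that hold no passwords of their own and accept only such assertions. The HMAC shared secret, the group-to-application mapping and the user data are assumptions made for the example; a real deployment would use SAML assertions with the provider's signing key. The scenario also shows the one gap this design leaves: an assertion minted before the AD account was disabled stays valid until it expires, which is why the lifetime is kept short.

```python
"""AD-fronted single sign-on gate (illustration; constructed data throughout)."""
import base64
import hashlib
import hmac
import json
import os

TOKEN_TTL = 300  # seconds an assertion stays valid (assumed value)


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class Directory:
    """Stand-in for Active Directory: salted password hashes, groups and an enabled flag."""

    def __init__(self):
        self._users = {}

    def add_user(self, name, password, groups):
        salt = os.urandom(16)
        self._users[name] = {"salt": salt, "hash": _derive(password, salt),
                             "enabled": True, "groups": frozenset(groups)}

    def disable(self, name):
        self._users[name]["enabled"] = False

    def verify(self, name, password):
        """Return the user's groups on success; None for unknown, disabled or wrong password."""
        user = self._users.get(name)
        if user is None or not user["enabled"]:
            return None  # same answer for unknown and disabled: no account enumeration
        if not hmac.compare_digest(user["hash"], _derive(password, user["salt"])):
            return None
        return user["groups"]


class SSOProvider:
    """Checks the directory, then mints a short-lived HMAC-signed assertion for one app."""

    def __init__(self, directory, key, app_groups, ttl=TOKEN_TTL):
        self._dir, self._key, self._app_groups, self._ttl = directory, key, app_groups, ttl

    def login(self, name, password, app, now):
        groups = self._dir.verify(name, password)
        if groups is None or self._app_groups.get(app) not in groups:
            return None
        claims = {"sub": name, "aud": app, "exp": now + self._ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self._key, body, "sha256").hexdigest()
        return body.decode() + "." + sig


class SaaSApp:
    """A cloud application with no local passwords: it trusts only SSO assertions."""

    def __init__(self, name, key):
        self.name, self._key = name, key

    def accept(self, token, now):
        body, _, sig = token.rpartition(".")
        expected = hmac.new(self._key, body.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None  # forged or tampered assertion
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != self.name or claims["exp"] <= now:
            return None  # assertion meant for another app, or expired
        return claims["sub"]


def run_scenario():
    """Constructed walk-through; returns the outcome of each access attempt."""
    key = os.urandom(32)
    ad = Directory()
    ad.add_user("alice", "correct horse", groups=["sales"])
    app_groups = {"google-apps": "sales", "eleap": "sales"}  # assumed mapping
    sso = SSOProvider(ad, key, app_groups)
    gapps, eleap = SaaSApp("google-apps", key), SaaSApp("eleap", key)
    t0 = 1_700_000_000
    results = {}
    tok = sso.login("alice", "correct horse", "google-apps", t0)
    results["valid"] = gapps.accept(tok, t0 + 10)
    results["wrong_audience"] = eleap.accept(tok, t0 + 10)      # replayed at another app
    results["expired"] = gapps.accept(tok, t0 + TOKEN_TTL + 1)
    results["bad_password"] = sso.login("alice", "wrong", "eleap", t0)
    results["tampered"] = gapps.accept(tok[:-1] + ("0" if tok[-1] != "0" else "1"), t0 + 10)
    ad.disable("alice")  # IT disables the AD account when the employee leaves
    results["after_disable"] = sso.login("alice", "correct horse", "google-apps", t0 + 60)
    results["stale_token"] = gapps.accept(tok, t0 + 60)  # still valid until it expires
    return results


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k:15s} -> {v}")
```

The point of `stale_token` is the practitioner's caveat: disabling the directory account stops new logins immediately, but it does not recall assertions already issued, so the assertion lifetime is the upper bound on how long a departed user can keep a session.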
Cloud Model: IaaS
Security Concerns: Data Encryption
At Flushing Bank in New York, CIO Allen Brewer wanted to move data backup to the cloud. With Zecurion's Zerver, Flushing Bank now backs up files over the Internet. The first issue the bank had to consider was data encryption: finding a service provider that could meet the encryption rules the bank is subject to. Brewer said some companies rely on their suppliers to provide encryption. All data the bank sends and the provider holds is encrypted at the provider, which means the provider, not the bank, performs the encryption and handles the keys.
Some cloud backup providers install an appliance on the client side so that data is encrypted before it leaves the customer's network, but Flushing was not interested in such an installation. Brewer chose Zecurion because he knew where the data centers holding the bank's information were located. He said he knew where the company's three data centers were, rather than sending data to the cloud without knowing where it ended up.
Cloud Model: Private Cloud
Security Concerns: Virtualization
When Matt Reidy, director of IT operations at SnagAJob.com, embarked on the company's three-year technology refresh, his goal was to take the company's existing 75% virtualized environment to a 100% virtual, private, secure cloud built on Dell blade servers running VMware vSphere.
Reidy believes SnagAJob, as a rapidly growing website, needs the flexibility of operating in a cloud model. Before the refresh, SnagAJob had a multi-tier architecture in which physical firewalls separated the web, application and database tiers. Reidy was able to remove those physical firewalls and deploy virtual firewalls from Altor Networks to reach 100 percent virtualization. In future, physical firewalls will exist only at the perimeter, alongside the intrusion detection and prevention devices.
Reidy also explained that before vSphere version 4, users could run firewall appliances as virtual machines, but their performance was limited because all network traffic had to pass through those virtual machines. vSphere now has an API called VMsafe that lets firewall vendors such as Altor and Check Point move traffic inspection into the VMware hypervisor itself.
Reidy believes the new version improves the product's performance, stability and security. With the Altor virtual firewall, his team can now also observe how traffic flows between virtual machines, including the protocols used and the volume of data. That has been a challenge in virtualized environments, because traditional products never see traffic between virtual machines on the same host. Now, he says, "we can get more security because we can see the data in transit and write rules based on this observation." Other technologies that provide this kind of flow visibility include Cisco's NetFlow and Juniper's J-Flow, as well as the open standard sFlow.
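What "seeing the data in transit and writing rules from it" looks like in practice, as an added example that is not SnagAJob's or Altor's code: flow-export style summary records for VM-to-VM traffic are parsed, every conversation is attributed to a tier, byte counts are aggregated per tier pair and service, and any cross-tier flow that the old physical-firewall policy would not have permitted is reported with a candidate deny rule. The addressing plan, the allowed tier-to-tier services, the record format and the sample records are all constructed for the example.

```python
"""Tier-segmentation check over VM-to-VM flow records (illustration; constructed data)."""
import ipaddress
import re
from collections import defaultdict

# Assumed addressing plan for the tiers the physical firewalls used to separate.
TIERS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}

# Assumed policy: the only cross-tier conversations allowed, keyed (src_tier, dst_tier).
ALLOWED = {
    ("web", "app"): {("tcp", 8080)},
    ("app", "db"): {("tcp", 3306)},
}

# Assumed record layout, one flow summary per line (NetFlow/sFlow style key=value fields).
_FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+) bytes=(\d+)")

# Constructed sample: line 3 is web talking straight to the database, line 5 is the
# database initiating toward web, line 6 is an app server reaching the Internet.
SAMPLE = """\
src=10.0.1.10 dst=10.0.2.20 proto=tcp dport=8080 bytes=48213
src=10.0.2.20 dst=10.0.3.30 proto=tcp dport=3306 bytes=1204
src=10.0.1.11 dst=10.0.3.30 proto=tcp dport=3306 bytes=90221
src=10.0.2.21 dst=10.0.2.22 proto=tcp dport=22 bytes=3000
src=10.0.3.30 dst=10.0.1.10 proto=tcp dport=8080 bytes=500
src=10.0.2.20 dst=203.0.113.5 proto=udp dport=53 bytes=120
"""


def tier_of(ip: str) -> str:
    """Map an address to its tier; anything outside the plan is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in TIERS.items():
        if addr in net:
            return name
    return "external"


def parse_flows(text: str):
    """Parse summary lines into (src, dst, proto, dport, bytes) tuples; skip malformed lines."""
    flows = []
    for line in text.splitlines():
        m = _FLOW_RE.search(line)
        if m:
            src, dst, proto, dport, nbytes = m.groups()
            flows.append((src, dst, proto.lower(), int(dport), int(nbytes)))
    return flows


def evaluate(flows):
    """Return (violations, matrix).

    matrix  : bytes observed per (src_tier, dst_tier, proto, dport), i.e. the
              "who talks to whom, over what, and how much" view the text describes.
    violations : cross-tier flows not covered by ALLOWED, tagged with the tier pair.
    """
    violations, matrix = [], defaultdict(int)
    for src, dst, proto, dport, nbytes in flows:
        s, d = tier_of(src), tier_of(dst)
        matrix[(s, d, proto, dport)] += nbytes
        if s == d:
            continue  # east-west traffic inside one tier is outside this policy's scope
        if (proto, dport) not in ALLOWED.get((s, d), set()):
            violations.append((src, dst, proto, dport, nbytes, f"{s}->{d}"))
    return violations, dict(matrix)


def deny_rules(violations):
    """Render each violation as a candidate deny rule in a generic, vendor-neutral syntax."""
    return sorted({f"deny {proto} {src} -> {dst}:{dport}  # {why}"
                   for src, dst, proto, dport, _, why in violations})


if __name__ == "__main__":
    found, seen = evaluate(parse_flows(SAMPLE))
    for key, total in sorted(seen.items()):
        print(f"{key[0]:>8} -> {key[1]:<8} {key[2]}/{key[3]:<5} {total:>8} bytes")
    print("\n".join(deny_rules(found)))
```

Flows that fall outside the plan (the `app->external` DNS lookup here) are reported rather than silently allowed, since the point of the exercise is to turn observed traffic into an explicit rule set; whether a given flow becomes an allow or a deny rule is a decision for the operator reviewing the list.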
Cloud Model: PaaS
Security Concerns: Virtualization, Business Continuity, Auditing
At his new company, Kavis chose to have Amazon host the company's entire infrastructure. Before doing so, he consulted security experts who were already deploying virtual machines in order to clarify his requirements. Kavis then built a base image with those controls applied, a template that can be copied at any time and deployed to a new virtual machine as needed.
"Amazon offers virtual machine images, but they're not as secure," Kavis said. "With PaaS, that's the only issue to deal with, but with IaaS I can set the security to the level I want, and it's more flexible to operate."
Kavis also has to do everything a system administrator would do, such as opening and closing ports, writing configurations and locking down databases; rather than building the stack himself, he uses the LAMP stack provided on Amazon. Kavis is very pleased with the perimeter security Amazon provides and believes it is at a level many companies cannot match.
To ensure business continuity, Kavis replicates all data to more than two additional environments. His business would be down only if Amazon's environments in multiple regions were completely paralyzed at the same time; since Amazon has high reliability within each region, it is very unlikely that all of them would fail at once.
Another issue Kavis has to address is compliance auditing. Because the rules do not yet reflect cloud computing, they assume access to the physical box, which a user cannot get in a public cloud. For data subject to compliance requirements, Kavis plans to use a virtual private cloud. That way the provider can say, "Your server is locked down; if you need an audit, bring in an auditor to check it. We will do that to complete the audit, but everything else runs on the public cloud." Even so, certain types of data need to be kept on-site, while processing is offloaded to the public cloud for reasons of scale and cost.