Welcome!

@CloudExpo Authors: Elizabeth White, Jim Hansen, Liz McMillan, William Schmarzo, Yeshim Deniz

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Article

Dynamic Cloud Security: Test Driving the Benefits

Cloud security represents a spectrum of capabilities that you can tailor to your needs

Many IT organizations assume that security risks increase with a shift to cloud computing. The reality, however, is not so clear-cut. In fact, many of these same organizations will be surprised to learn that adopting cloud operating models with appropriate governance and security controls can actually reduce the level of risk relative to their current IT environments. Here's why:

IT professionals frequently develop unwarranted security concerns regarding cloud computing primarily because cloud environments are dynamic and enable new levels of workload portability that are very different from what they're familiar with. In cloud environments, application workloads can be moved to totally different physical infrastructure or service providers from one deployment to the next. The underlying application data can move even more frequently, depending on the type of instance and persistent storage options you've selected.

This means your security boundaries have to be dynamic too. They have to move with the workload and the data, and self-configure themselves in new environments in a consistent and automated manner.

Taking Cloud Security for a Spin
A simple analogy can be made between securing cloud workloads and securing a car. When you park your car in your home garage, typically you just close the garage door and that's it. You assume your car is safe inside your garage along with your other belongings, so you typically don't worry about locking your car doors or taking other precautions.

However, when you park your car somewhere else, you typically lock the doors to secure it. There are several ways you can do this. The door locks could be activated by a remote, a keypad on the door, or the proximity of an RFID tag in the key fob. You may decide to upgrade your security by adding a factory alarm system, steering wheel lock, LOJACK tracking system, or other security system depending on the car's value. Finally, you can also decide where to park your car depending upon your risk tolerance. For example, you may accept your favorite restaurant's offer of valet parking in a monitored lot instead parking down a secluded street.

The point is that you can create a portable security boundary around your car that can be equal to or even more secure than your garage. Cloud security is similar in concept where portable cloud workloads offer a wide range of options to establish a very effective portable security boundary. In fact, cloud workload security has an additional important benefit over the car analogy, which is that security configurations can be completely automated and policy-driven. Using the car analogy, this means you no longer have to worry about forgetting to lock your door or arming your alarm system in the parking lot, because the car will automatically do it for you.

Under the Hood: Cloud Security Options
This new approach to securing a moving workload is a big departure for many IT groups that are used to working in more static and controlled environments (similar to the home garage). These IT groups are used to working with physical data center infrastructure, traditional firewalls, mostly static networks, and familiar resources that they own and control. The idea of moving workloads in and out of new environments they don't control is a big concern, especially knowing they've expended tremendous time and attention manually configuring their own environment.

However, today a broad range of proven technologies can deliver consistent, automated security for portable cloud workloads. They include virtual private networks, encrypted data storage, host intrusion detection systems, hypervisor-based firewalls, and federated identity management systems. These systems can complement each other to provide an end-to-end security solution that encompasses instances, data, network, and role-based access as desired.

Importantly, these systems can be automatically enforced through security policies that essentially eliminate the risk of human configuration errors (e.g., forgetting to lock the car doors). In other words, you can design a customized level of security into each of your cloud workloads from the beginning, so that they consistently and automatically establish the desired security boundary conditions each and every time they are deployed. These security policies are designed to be abstracted above the cloud implementation layer, and can be enforced across multiple heterogeneous cloud deployment environments.

Benefits That Extend Beyond Security
This leads to important business benefits that extend beyond the typical risk mitigation aspects of providing security. By automating end-to-end security configuration, you can make significant gains in reducing workload provisioning and deployment time. Depending on your current security processes, this can make a very significant impact on improving business agility. Typically, the upfront investment to initially create automated security policies gets paid back in dividends many times over by automating enforcement and enabling more rapid deployment. You can also significantly reduce the complexity of managing and changing your security rules over time since policies can be enforced broadly or fine-grain across your organization, and modifications take effect right away.

Although securing cloud workloads is important, it doesn't stop there. You'll also need to revisit the people, processes, and management systems used to govern workload deployments. Insufficient control over who can provision a workload, where it can be deployed, for how long, and at what cost or capacity can be a recipe for disaster, even if the workload itself is secure. Beyond obvious cost and capacity management concerns are additional risks associated with regulatory violations and inadvertently deploying assets to the wrong environment.

Governance Rides Shotgun
For these reasons, cloud security and cloud governance need to work hand-in-hand. Enterprise cloud governance often gets complicated very quickly due to the many-to-many relationships that exist among workloads, user groups, deployment environments, departmental usage policies, industry regulations, geographic restrictions, and other attributes that exist in a large enterprise. As a result, policy-driven governance platforms are critical to managing and controlling all these permutations in a transparent and automated manner.

Effective governance requires several key capabilities, including a policy framework that is extensible, so that organizations can customize their own industry- or company-specific policies when needed. It also requires a governance platform integrated with your cloud provisioning and implementation layer, so that governance is consistent and enforceable across all of your workloads and all of your internal and external cloud environments.

Tackling the Security Challenge
Addressing cloud security is an important milestone you'll face as you embark on your cloud strategy. At times, security challenges may seem too complex or insurmountable, so here are a few tips to help make those initial projects more manageable.

First, realize that cloud security represents a spectrum of capabilities that you can tailor to your needs. You probably don't want to implement all of it right away, so screen initial projects and workloads based on security sensitivity and their target cloud deployment environments to lower the initial security risks and requirements.

Also realize that there's a broad range of cloud tradeoffs you can make to lower your risk/security exposure in exchange for partial sacrifices in economic and agility benefits in the short term. For example, some organizations set up their first external private clouds at their current hosting providers with dedicated hardware in a locked cage using an existing dedicated network link. This approach may cost a bit more, but you can start with this conservative security approach and still prove out aspects of your cloud operating model while building trust and security experience over time at a comfortable pace.

More Stories By Derick Townsend

Derick Townsend, VP of Product Marketing for ServiceMesh, has nearly 20 years of marketing experience across a wide range of high tech products and services. Prior to ServiceMesh, Derick led marketing for enterprise software startups including iTKO (acquired by CA) and Webify (acquired by IBM). While at IBM, he was responsible for Business Process Management marketing and messaging across IBM’s Software Group. He also held key sales, marketing, and technical roles in other companies including United Technologies, Sterling Information Group, Momentum SI, and HotLink Incorporated which he also co-founded. Derick holds an MBA from the University of Texas at Austin and an engineering degree from the University of Arizona.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Building a cross-cloud operational model can be a daunting task. Per-cloud silos are not the answer, but neither is a fully generic abstraction plane that strips out capabilities unique to a particular provider. In his session at 20th Cloud Expo, Chris Wolf, VP & Chief Technology Officer, Global Field & Industry at VMware, will discuss how successful organizations approach cloud operations and management, with insights into where operations should be centralized and when it’s best to decentraliz...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, will discuss how to use Kubernetes to setup a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace....
In his session at @ThingsExpo, Sudarshan Krishnamurthi, a Senior Manager, Business Strategy, at Cisco Systems, will discuss how IT and operational technology (OT) work together, as opposed to being in separate siloes as once was traditional. Attendees will learn how to fully leverage the power of IoT in their organization by bringing the two sides together and bridging the communication gap. He will also look at what good leadership must entail in order to accomplish this, and how IT managers ca...
The financial services market is one of the most data-driven industries in the world, yet it’s bogged down by legacy CPU technologies that simply can’t keep up with the task of querying and visualizing billions of records. In his session at 20th Cloud Expo, Jared Parker, Director of Financial Services at Kinetica, will discuss how the advent of advanced in-database analytics on the GPU makes it possible to run sophisticated data science workloads on the same database that is housing the rich inf...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
SYS-CON Events announced today that Outlyer, a monitoring service for DevOps and operations teams, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outlyer is a monitoring service for DevOps and Operations teams running Cloud, SaaS, Microservices and IoT deployments. Designed for today's dynamic environments that need beyond cloud-scale monitoring, we make monitoring effortless so you...
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo 2017. The @DevOpsSummit at Cloud Expo New York will take place on June 6-8, 2017, at the Javits Center in New York City, New York, and @DevOpsSummit at Cloud Expo Silicon Valley will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Have you ever noticed how some IT people seem to lead successful, rewarding, and satisfying lives and careers, while others struggle? IT author and speaker Don Crawley uncovered the five principles that successful IT people use to build satisfying lives and careers and he shares them in this fast-paced, thought-provoking webinar. You'll learn the importance of striking a balance with technical skills and people skills, challenge your pre-existing ideas about IT customer service, and gain new in...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buyers...
DevOps and microservices are permeating software engineering teams broadly, whether these teams are in pure software shops but happen to run a business, such Uber and Airbnb, or in companies that rely heavily on software to run more traditional business, such as financial firms or high-end manufacturers. Microservices and DevOps have created software development and therefore business speed and agility benefits, but they have also created problems; specifically, they have created software securi...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, Cloud Expo and @ThingsExpo are two of the most important technology events of the year. Since its launch over eight years ago, Cloud Expo and @ThingsExpo have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, I provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading the...
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
While not quite mainstream yet, WebRTC is starting to gain ground with Carriers, Enterprises and Independent Software Vendors (ISV’s) alike. WebRTC makes it easy for developers to add audio and video communications into their applications by using Web browsers as their platform. But like any market, every customer engagement has unique requirements, as well as constraints. And of course, one size does not fit all. In her session at WebRTC Summit, Dr. Natasha Tamaskar, Vice President, Head of C...
Cloud Expo, Inc. has announced today that Aruna Ravichandran, vice president of DevOps Product and Solutions Marketing at CA Technologies, has been named co-conference chair of DevOps at Cloud Expo 2017. The @DevOpsSummit at Cloud Expo New York will take place on June 6-8, 2017, at the Javits Center in New York City, New York, and @DevOpsSummit at Cloud Expo Silicon Valley will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In their general session at 16th Cloud Expo, Michael Piccininni, Global Account Manager - Cloud SP at EMC Corporation, and Mike Dietze, Regional Director at Windstream Hosted Solutions, reviewed next generation cloud services, including the Windstream-EMC Tier Storage solutions, and discussed how to increase efficiencies, improve service delivery and enhance corporate cloud solution development. Michael Piccininni is Global Account Manager – Cloud SP at EMC Corporation. He has been engaged in t...