Security and Cloud

Security in the Cloud

When cloud computing first gained acceptance and began to gain momentum in business, IT security became a headwind holding it back from even greater acceptance. After all, an IT manager may have thought that moving data from the premises to an off-site location was sure to be risky. Similarly, they wondered how their data could be secure when they didn’t own and manage the hardware it resides on, or even know where it is. While these arguments seem logical, logic does not equal security. For security, how the data is protected is far more important than where it is located geographically. Many times, the data center or cloud provider is better at laying the foundation for IT security than the IT leader of a business, but it is best when there is a team effort between the two.

Beginning with Compliance

Many businesses today are faced with the challenge of regulatory compliance in their IT services. Compliance is a complicated and tedious process that includes not only IT operations but virtually all aspects of the business. A regulated business needs to consider processes that affect the data center as well as other departments, such as employee and visitor access to data, audits and reporting, and disaster recovery. These are functions that data center providers consider a primary part of their business. These practices are defined by certifications, with today’s most common certification being Service Organization Controls, or SOC. Today you will find most data centers using SOC 2. SOC 2 is a set of standards the data center complies with and reports on to satisfy its customers’ requirements. SOC 2 audits verify that the data center is doing what it says it does regarding monitoring, alerts and physical security. When a business moves or migrates its IT infrastructure to a SOC 2 compliant data center, it is assured to have met its compliance goals without managing the difficult process itself.

Encryption, Cloud Security’s Best Practice

Many of the most valued processes of IT security as a whole hold true for a cloud and data center environment. No single exercise is as important as encrypting the vital data of the business. Encryption is one of the most effective data protection tools because it converts the data into a secret code that renders it useless without a key. The encryption software produces a key that must be used to unlock and read the data. Data can be encrypted at rest, as when it resides in storage in the data center, or in transit between the data center and the data users. Encryption in transit is typically provided by an appliance that creates a Virtual Private Network (VPN). Encryption is a vital technology to secure data wherever the data resides; encrypting the data in transit is an additional layer of security that helps keep data secure as it moves on and off site.

The Future of Security in the Cloud

It is difficult to predict future trends across industries, and the exercise is especially difficult in technology. To consider how security in the cloud will be handled in the future, it is important to understand how the cloud itself will be evolving. In cloud technology, containers are the technology that is gaining acceptance and market share at the current time. Containers are similar to the virtual machines (VMs) of today’s infrastructure but are more independent and create an environment for the use of microservices. Microservices is the concept that a single application for a business should consist of many smaller services instead of one monolithic application. This allows for greater overall uptime, as the entire application doesn’t need to be taken down when a single service requires maintenance or an update. The same benefit can be realized for security. However, microservices can create a very complicated “mesh” of services that will complicate all aspects of the infrastructure, including security. To alleviate these complications for security, open-source software packages have been developed. One helpful open-source package is Istio, which allows the infrastructure manager to secure, connect and monitor microservices. Istio can be implemented in a “sidecar” deployment, where it secures services from outside the service or container. Today we often think of security services, such as anti-malware, as another application running within the server or VM it is protecting. Software like Istio makes security more of an integral part of the application as opposed to something added to a completed solution. Open-source services like Istio are making complicated systems easier to manage. Containers and microservices are the strongest evolving trends for the cloud, so one should look to them for the future of security in the cloud.

With each change in technology, the landscape seems to get more complicated. Security can add to the complication; however, it can be simplified if it is considered before the service is developed rather than after. The cloud computing industry is taking on a dual role: leading corporate IT infrastructure and creating new ways to approach securing a business’s data.

If you would like to talk more about security in cloud strategies contact us at:

Jim Conwell (513) 227-4131 jim.conwell@twoearsonemouth.net

www.twoearsonemouth.net

we listen first…