The Wayback Machine - https://web.archive.org/web/20120709021734/http://cloudcomputing.sys-con.com:80/node/2180715

Welcome!

Cloud Expo Authors: Steve Weisfeldt, Liz McMillan, Ajay Budhraja, Jnan Dash, Scott Kinka

Related Topics: Cloud Expo, SOA & WOA, Virtualization, Security

Cloud Expo: Article

Safeguarding Management and Security in the Cloud

An exclusive Q&A with David Meizlik, Vice President of Marketing at Dome9 Security
By Elizabeth White
Article Rating:
July 8, 2012 11:00 AM EDT
Reads:
 4,752

"One of the greatest challenges to security in the cloud is management," noted David Meizlik, Vice President of Marketing at Dome9 Security, in this exclusive Q&A with Cloud Expo Conference Chair Jeremy Geelan. "With cloud computing," Meizlik explained, "the infrastructure is owned and maintained by a third party, so you can't just walk down the hall to get to your infrastructure."

Cloud Computing Journal: Cloud computing represents the advent of a global computing utility that transcends national boundaries. Is that what makes clouds a challenge from a security point of view?

David Meizlik: Globalization is more a challenge from a governance and compliance perspective. The greatest challenge to security in the cloud is that traditional security models don't apply. Take, for example, the firewall. Firewalls were designed to protect the perimeter. The cloud, however, is outside any perimeter, and thus a traditional enterprise IT approach to firewalling is simply not practical. Fundamentally, as we re-architect our infrastructure we need to re-architect our security. It's an opportunity and not just a challenge.

Cloud Computing Journal: What about other aspects of vulnerability; what are the other unique problems of cloud computing from a security standpoint?

Meizlik: One of the greatest challenges to security in the cloud is management. With cloud computing, the infrastructure is owned and maintained by a third party, so you can't just walk down the hall to get to your infrastructure. What's more, the infrastructure is extremely portable and elastic. This is a terrific challenge because at the end of the day if you can't scale your security to match your infrastructure, you've got gaps in your coverage.

Cloud Computing Journal: Is it really possible to automate firewall management clouds? For private clouds only or public ones as well?

Meizlik: Absolutely, and it's not just possible, it's critical. Cloud infrastructure (private, public, and hybrid) is highly elastic, and thus your security must be too. Now since the cloud doesn't have a perimeter, you have to deploy and manage firewalling at the cloud server. The only way to scale this efficiently, however, is through automation; specifically, time-based controls that, by default, close administrative ports like SSH and RDP and open them on demand, only when, for whom, and as long as is needed. This ensures your servers are always secure, and because your security is server side, your policies are always coupled with your infrastructure, however large and wherever present.

Cloud Computing Journal: How about companies that want to secure both their cloud and their on-premise assets, does a hybrid approach make security more difficult?

Meizlik: A hybrid approach to security is more complicated for two reasons: 1) 99% of traditional security doesn't extend to cover the cloud, and 2) the process for securing the cloud is different from on-premise infrastructure. The first is probably sufficiently evident to anyone that's read beyond page one of most security vendor's product brochures. The second, however, is more abstract, and sometimes difficult to discern. Let me illustrate by example: in the traditional enterprise, many server admin ports (e.g., SSH, RDP, etc.) are left open because the server sits behind a corporate perimeter where there's less risk and more internal controls. When you move that same server to the cloud, outside of the corporate perimeter, most of those internal controls are absent and the risk is much greater. Thus, a practice of leaving admin ports open now presents a great threat. So following the same process for the same server but in a different infrastructure presents a real problem.

Cloud Computing Journal: Is it really true that there are sysadmins in this day and age who, say, leave ports such as SSH, RDP, and MYSQL open so they can connect to and manage their cloud servers? Wouldn't that be sheer madness?

Meizlik: Yes; Admins do it every day for two simple reasons: 1) old habits die hard - they've done it for years inside their corporate network where they had a firewall perimeter and the risk wasn't as great, and 2) manually opening and closing server ports every time you need to work on a server is a real headache and simply not scalable.... Well, not scalable without automated firewall management. ;-)

Cloud Computing Journal: For an organization looking to deploy to the cloud and capture all the benefits the cloud has to offer, do you think there is anything MORE important than getting the security piece right?

Meizlik: No - security is, bar none, the biggest concern of cloud adopters. Getting it right is absolutely critical to successfully leveraging the benefits of cloud computing.

Published July 8, 2012 – Reads 4,752
Copyright © 2012 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Elizabeth White

Elizabeth is an assistant news editor at SYS-CON Events, Inc. where annual high-energy conferences are created with industry-leading players. Elizabeth works on the SYS-CON Events team behind Cloud Computing Conference & Expo, Virtualization Conference & Expo, GovIT Expo, and the UlitzerLive! New-Media Conference & Expo.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Cloud Expo Breaking News
By Liz McMillan
10th International Cloud Expo, held on June 11–14, 2012 at the Javits Center in New York City, featured four content-packed days with a rich array of sessions about the business and technical value of cloud computing led by exceptional speakers from every sector of the cloud computing ecosystem. The Cloud Expo series is the fastest-growing Enterprise IT event in the past 10 years, devoted to every aspect of delivering massively scalable enterprise IT as a service. We invite you to enjoy our ph...
Jul. 8, 2012 02:00 PM EDT  Reads: 2,348
By Elizabeth White
“One of the greatest challenges to security in the cloud is management,” noted David Meizlik, Vice President of Marketing at Dome9 Security, in this exclusive Q&A; with Cloud Expo Conference Chair Jeremy Geelan. “With cloud computing,” Meizlik explained, “the infrastructure is owned and maintained by a third party, so you can’t just walk down the hall to get to your infrastructure.” Cloud computing represents the advent of a global computing utility that transcends national boundaries. Is that w...
Jul. 8, 2012 11:00 AM EDT  Reads: 4,752
By Liz McMillan
“The speed of businesses is accelerating, requiring continuous tuning and optimization of business processes and operations,” noted Bruce Fingles, CIO and VP of Product Quality at Xsigo Systems, in this exclusive Q&A; with Cloud Expo Conference Chair Jeremy Geelan. “IT organizations must have an infrastructure that enables them to partner with business leaders and respond quickly to changes that can help drive the business forward,” Fingles concluded. Cloud Computing Journal: Agree or disagree? ...
Jul. 8, 2012 11:00 AM EDT  Reads: 3,920
By Elizabeth White
SYS-CON Events announced today that The Web Host Industry Review has been named “Media Sponsor” of SYS-CON's 11th International Cloud Expo, which will take place on November 5–8, 2012, at the Santa Clara Convention Center in Santa Clara, CA. Since 2000, The Web Host Industry Review has made a name for itself as the foremost authority of the Web hosting industry providing reliable, insightful and comprehensive news, reviews and resources to the hosting community. TheWHIR Blogs provides a communi...
Jul. 8, 2012 11:00 AM EDT  Reads: 747
By Pat Romanski
SYS-CON Events announced today that New Relic, Inc., the SaaS-based cloud application performance management provider, has been named Platinum Sponsor of SYS-CON's 11th International Cloud Expo, which will take place on Nov. 5–8, 2012, at the Santa Clara Convention Center in Santa Clara, CA. New Relic, Inc. is the all-in-one web application performance management provider for the cloud and the data center. Its SaaS solution combines real user monitoring, application monitoring, and server monit...
Jul. 7, 2012 04:00 PM EDT  Reads: 810
By Liz McMillan
SYS-CON Events announced today that SecurityStockWatch.com has been named “Media Sponsor” of SYS-CON's 11th International Cloud Expo, which will take place on November 5–8, 2012, at the Santa Clara Convention Center in Santa Clara, CA. SecurityStockWatch.com is the #1 security solutions portal for "Secure ID Solutions" and "Fraud Prevention Solutions." We invite you to visit Google to verify our top rankings first hand. Our B2B and B2Gov channel reaches your target markets and based on our demo...
Jul. 7, 2012 03:00 PM EDT  Reads: 701
By Liz McMillan
SYS-CON Events announced today that GigaOM Pro has been named “Media Sponsor” of SYS-CON's 11th International Cloud Expo, which will take place on November 5–8, 2012, at the Santa Clara Convention Center in Santa Clara, CA. GigaOM Pro is your one-stop shop for great technology market research. Join the community today and get smarter, faster. Cloud Expo 2012 Silicon Valley, November 5–8, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star c...
Jul. 6, 2012 12:00 PM EDT  Reads: 709
By Pat Romanski
SYS-CON Events announced today that The IEEE Computer Society has been named “Association Sponsor” of SYS-CON's 11th International Cloud Expo, which will take place on November 5–8, 2012, at the Santa Clara Convention Center in Santa Clara, CA. The IEEE Computer Society is the computing professional's single, unmatched source for technology information, inspiration and collaboration. By making the most up-to-date and advanced information in the computing world easily accessible, we are the sour...
Jul. 6, 2012 10:45 AM EDT  Reads: 886
By Elizabeth White
SYS-CON Events announced today that Cloud Sidekick, developer of the open source Cato Cloud Orchestration Platform, will exhibit at SYS-CON's 11th International Cloud Expo, which will take place on November 5–8, 2012, at the Santa Clara Convention Center in Santa Clara, CA. Cato provides an AWS-compatible, on-premise, agentless and brutally efficient framework to automate your applications on both cloud and datacenter infrastructure. The technology behind Cato goes back to 1999 with the mission...
Jul. 6, 2012 10:00 AM EDT  Reads: 860
By Liz McMillan
“Big Data eliminates the data silos that formerly existed, improving the depth and quality of analysis that can take place,” observed Scott Kinka, Chief Technology Officer at Evolve IP, in this exclusive Q&A; with Cloud Expo Conference Chair Jeremy Geelan. “Without these barriers, Kinka continued, “we gain access to information that was never before available. We can see where there are underserved markets, opportunities, problems that need to be addressed.” Agree or disagree? – "While the IT sa...
Jul. 5, 2012 07:30 AM EDT  Reads: 3,226
MORE »