Private Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.



Similar documents
Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Hybrid Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Security in the Software Defined Data Center

How To Protect Your Cloud From Attack

Secure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc.

Securing the Physical, Virtual, Cloud Continuum

REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION

Microsoft Private Cloud

Who moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration

Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION

Simplified Private Cloud Management

Building Private & Hybrid Cloud Solutions

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

Proactively Secure Your Cloud Computing Platform

Cloud Security. Are you on the train or the tracks? ISSA CISO Executive Forum April 18, Brian Grayek CISSP, CCSK, ITILv3

Cloud Services Catalog with Epsilon

Total Cloud Protection

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

How To Compare The Two Cloud Computing Models

Elastic Private Clouds

Session 2. The economics of Cloud Computing

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

The cloud - ULTIMATE GAME CHANGER ===========================================

SINGTEL BUSINESS - PRODUCT FACTSHEET MANAGED CLOUD SERVICE (SINGTEL IAAS)

Remote Voting Conference

Increased Security, Greater Agility, Lower Costs for AWS DELPHIX FOR AMAZON WEB SERVICES WHITE PAPER

Cloud Essentials for Architects using OpenStack

Virtualization, SDN and NFV

Designing & Managing Reliable IT Services

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Creative Configurations

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Computing: Public, Private, and Hybrid. You ve heard a lot lately about Cloud Computing even that there are different kinds of Clouds.

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Security Issues in Cloud Computing

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Cloud Security. Peter Jopling IBM UK Ltd Software Group Hursley Labs. peterjopling IBM Corporation

All the benefits of Public Cloud on Private, Dedicated Infrastructure. Benefits. Enterprise-Level Security. High Performance. Compliant and Audited

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments

Moving Lab Management Environments to the Cloud

STeP-IN SUMMIT June 18 21, 2013 at Bangalore, INDIA. Performance Testing of an IAAS Cloud Software (A CloudStack Use Case)

Consumption IT. Michael Shepherd Business Development Manager. Cisco Public Sector May 1 st 2014

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

Securing Virtual Applications and Servers

Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

VMware vcloud Architecture Toolkit Public VMware vcloud Service Definition

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Assessing the Business Value of SDN Datacenter Security Solutions

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

5 Best Practices to Protect Your Virtual Environment

Build and Manage Private and Hybrid Cloud. Urban Järund, Sr Regional Services Manager Nordics, Red Hat

The Impact of PaaS on Business Transformation

1 Introduction. 2 What is Cloud Computing?

Cloud Security Introduction and Overview

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

Agenda About SUNY and ITEC Cloud project Challenges and Use cases for ITEC Cloud EM Solution Business Benefits

Netzwerkvirtualisierung? Aber mit Sicherheit!

The next wave transformation

Software defined networking. Your path to an agile hybrid cloud network

THOUGHT LEADERSHIP. Journey to Cloud 9. Navigating a path to secure cloud computing. Alastair Broom Solutions Director, Integralis

A Look at the New Converged Data Center

Understanding Virtualization and Cloud in the Enterprise

Best Practices For Public Cloud Security Part Three Of A Three-Part Series On Public Cloud Security

Cloud and Data Center Security

Mirantis OpenStack Express: Security White Paper


Cloud computing: the IBM point of view

How the Software-Defined Data Center Is Transforming End User Computing

Cloud Computing; What is it, How long has it been here, and Where is it going?

Operationalize Policies. Take Action. Establish Policies. Opportunity to use same tools and practices from desktop management in server environment

Transcription:

Private Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc.

Introduction Cloud computing has completely transformed the way business organizations use IT both inside and outside of their organization. In spite of the economic benefits offered by public cloud services, organizations are reluctant to move their infrastructure outside their premises. However, they also want to apply the lessons learned from public clouds to better optimize the resource usage in their infrastructure. Private clouds offer an easy solution to help businesses take advantage of some of the benefits of cloud computing without compromising on security and control. In this whitepaper, we will discuss the business benefits of private clouds and the security requirements needed to mitigate any risks. What is a Private Cloud? Simply put, private clouds are cloud infrastructure based on dedicated hardware under the control of the organization offering services on-demand through a self-service portal. Private clouds provide elasticity that was previously unavailable in the traditional computing models, including rapid computer resource provisioning with services billed back to individual business units. The infrastructure services are single-tenant and they can be managed by the organization or a third party either on premise or in third-party datacenters. Private clouds can be deployed either by using one of the packaged cloud platforms like Eucalyptus, OpenStack, etc. or by adding automation, management, and self provisioning capabilities to an already virtualized infrastructure. It does not matter how one deploys a private cloud as long as it results in resources being pooled together into one centralized unit; available on demand to the users to provision, manage, and monitor using a management interface; and a chargeback mechanism. Unlike public cloud services, private clouds are capital intensive but offer more control and greater security. Trend Micro, a cloud security company, conducted a survey concerning cloud adoption and captured information on the top barriers to cloud implementation. A private cloud has advantages that can address many of the respondents concerns. Trend Micro Survey Results A recent survey conducted by Trend Micro offers some insights into the expectations and concerns businesses have about cloud technologies. The survey was conducted in six different countries with 1200 respondents from companies with at least 500 employees. Some of the key results are: 50% of the survey respondents pointed to apprehension over security as a key reason for holding back on their adoption of cloud technologies. 40% of the respondents said that their IT security requirements were not being met by the current cloud providers. Krishnan Subramanian 2011 Private Clouds Page 1

48% of the survey respondents were worried about performance and reliability of cloud services. Other barriers to cloud adoption included: 27% were concerned with lack of transparency about data center facilities, hardware, and disaster recovery by public cloud providers; 27% of respondents quoted compliance as an implementation barrier; and 25% were worried about vendor lock-in. Even though the concerns of the survey respondents point out to some of the barriers to cloud adoption, these can be overcome in both the public and private clouds by using appropriate security. In this whitepaper, we will discuss the benefits specific to private cloud, its unique security considerations and the best practices to remove the implementation barriers. Benefits Even though private clouds lack some of the benefits of cloud economics and are restricted in scalability compared to public clouds, it offers other benefits suitable for business users. Cost Savings Gives the key benefit of better resource usage by effective pooling and distribution of resources. This results in a drastic reduction of resource wastage, offering increased infrastructure cost savings. Furnishes a chargeback model that helps individual units better utilize their budgets, especially in today s economic climate where budgets are limited by deeper cost cuts. Removes the need for re-architecting the existing applications to meet the requirements of public cloud environments, thereby, saving any additional costs. Business Agility Provides on-demand availability for all business units without the long wait associated with the traditional IT procurement process. This results in increased agility across all the business units, benefiting the organization in terms of cost, faster time to market, and higher productivity. Supplies better workload management in terms of faster deployment, easy management, higher reliability, and better scaling than the traditional IT infrastructure. Krishnan Subramanian 2011 Private Clouds Page 2

Security, Control and Customization Offers better security than in public clouds. This is especially critical in meeting some of the compliance needs. Having a private cloud infrastructure takes away concerns about lack of transparency on the service provider side. Delivers more control over the underlying hardware than in the multitenant environment of the public cloud, addressing the concerns expressed by survey respondents about the performance and reliability offered by public cloud service providers. Affords better customization of the infrastructure to meet the organization s functional needs. Security Considerations Even though private clouds offer more control and security than public clouds, a move from the traditional computing environments to a cloud environment requires a different set of security considerations. In this section, we will highlight some of these considerations and in the following section we will offer solutions that can be employed to take safe advantage of cloud technologies. Some of the age old security ideas tied to the physical infrastructure cannot apply in the cloud environment. Similarly, security should meet the needs of the on-demand nature of the cloud environment. Some of the security considerations in the private cloud are: Elastic and changing perimeter: In private clouds, the resources are pooled centrally and delivered on demand. The resource usage changes elastically based on the needs of the users. Businesses need to move away from the fixed perimeter idea of the traditional computing world to a more diminished and elastic perimeter. Moreover, most of the hypervisors today support VM migration which means virtual machines are not bound to specific hardware or even network. This, along with some of the other cloud features, like scaling out, will ensure that the perimeter is always changing. Management and containment issues: In private clouds where resources are pooled centrally and delivered across the organizations, managing security, assessing vulnerabilities, and fixing security flaws are different and more dynamic, partly due to its elastic nature and, also, due to the fact that multiple departments, users, and domains are involved with different sets of policies and stakes. Ineffective device-specific controls: Unlike in traditional IT, having device-specific controls, like restrictions based on MAC addresses, etc., will not work because we are dealing with virtual machines not bound to specific hardware. Policies for dynamic environments: Unlike in traditional IT, security policies need to be adaptive and intelligent and not be linked to trusted zones based on physical hardware. Krishnan Subramanian 2011 Private Clouds Page 3

Data leak risks: The cloud environments break down departmental silos and offer increased accessibility, especially to non-employees outside of the organization if given access to the on-demand computer resources. Not properly locking data down becomes an issue leading to unwanted breaches. Protecting data from leaks becomes critical in a cloud environment. Best Security Practices The threat landscape looks the same in a cloud environment, but the cloud infrastructure creates new security requirements. Cloud technologies require reconsideration of traditional security practices to meet the needs of a more centralized and dynamic environment. There are some best practices that can help mitigate the risks in the private cloud. In this section, we will list some of the important ones: VM-level security: Perimeter-level protections like firewalls and device-specific controls like restrictions based on MAC addresses do not work. Instead, we need to build the defense at the Virtual Machine (VM) level so that it travels with the VM in the cloud infrastructure. Whether a firewall or a security policy, security technologies should be designed at the VM level and not based on physical hardware. Multi-layered defense: Using tools like firewall, IDS/IPS, log inspection, etc. geared towards virtual machines is important. More importantly, the traffic between the virtual machines should be continuously monitored by setting policies appropriately. Patch management: Having the right set of policies around patching is important. Patching in the cloud environment is much more difficult than in the physical environment because VMs can be moved around and switched on and off at will. Data and encryption: In order to protect the data in a more dynamic cloud environment, businesses should have data protection policies in place. Data should be encrypted both at rest as well as in motion. Well-designed encryption key management policies ensure data integrity and specify when and where data can be accessed to support compliance and internal governance. Regulatory compliance: Businesses should understand the impact of regulations and assess which policies and procedures change in a private cloud deployment. For example, activity reporting, logging, controls testing, etc. might be different in a private cloud environment compared to traditional environments. So, it is critical to understand the nature of this change and associated impact; develop processes to collect evidence, such as audit logs; and store them securely. Also, businesses will benefit from selecting an auditor who understands the changed dynamics and challenges of cloud services. Krishnan Subramanian 2011 Private Clouds Page 4

Recommendations for Private Cloud Implementation Private Cloud Implementation In the Trend Micro survey, 13% of respondents had a private cloud in production and another 43% were implementing or were in the midst of piloting a private cloud. Private Cloud Use Cases Private clouds are useful in highly regulated industries like financial sector, healthcare, scientific computing, etc. Similarly, businesses wanting to run legacy applications will find private clouds suitable for their needs. However, it should be noted that most of the workloads can be moved to public clouds by ensuring that proper security procedures are implemented. In fact, the availability and business continuity offered by public clouds are comparable to those offered by private clouds. Conclusion Private clouds offer organizations a way to better optimize their infrastructure by taking advantage of some cloud-like features while still enjoying the security and control needed for their businesses. Private clouds are especially useful for organizations with strict compliance requirements or a need to protect their high value IP, although encryption and virtual machinelevel security may allow even sensitive data to be moved to a public cloud. However, any organization worried about moving their mission critical workload to public clouds can take advantage of private clouds. A move to the cloud model requires a different set of security considerations and any associated risks can be easily mitigated with best security practices. Krishnan Subramanian 2011 Private Clouds Page 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information