Ask any IT administrator and they will tell you that transitioning to the cloud is a data security nightmare. Those fears are built on real concerns, such as:
- Collapsing several backup machines into a single backup repository in the cloud may eliminate the firewalls, intrusion detection mechanisms and other protections that your enterprise had configured for each individual server.
- The new data pathways are uncharted and are not controlled by the enterprise. The protection mechanisms you are familiar with can no longer be applied in the same way.
- Your enterprise does not know the physical location of its data in the virtual environment. Cloud service providers optimize the virtual environment with automated tools (such as VMware vMotion and Distributed Resource Scheduler) that move virtual machines, and the data they hold, from one physical host to another to meet performance demands and to support capacity pooling.
It is true that, in the past, cloud service providers used traditional tools to secure cloud traffic. They separated the virtual servers into groups and enforced access control with physical firewalls and routers, or with software firewalls running as agents on each server. Such segmentation proved cumbersome and was not a lasting solution: data volumes were overwhelming, the networking grew ever more complex, and server sprawl undermined the effectiveness of per-server software firewalls, since every new machine needed its own correctly configured agent.
Modern services follow a number of best practices to build, for each customer, a list of the applications and services that are appropriate and warranted. These lists are known as white lists and black lists. A white list describes each type of server used in the enterprise, the groups of users and applications that are enabled on it, and the security policy enforced on that server; everything not on the list is blocked, which reduces risk by removing non-essential services. The cloud server is locked down on access, and the existing firewalls show administrators exactly which services and protocols are and are not allowed on the server, so that a robust security policy evolves for each type of virtual machine. New virtual machines cloned from that machine inherit its environment and therefore its security policy, which removes the worry that a clone will come up unprotected. Third-party technologies give visibility into virtual machine resources, monitor the system, identify viruses, and add layered security capabilities to the service.
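The following is an added example, not code from the original article or from any cloud provider, of how a per-VM-type white list of this kind can be expressed and enforced. A base policy allows only SSH; a "web-frontend" clone inherits that list and adds HTTPS; everything else is denied. The policy names, the constructed `ss -lntu` snapshot of a cloned VM, and the rendering to iptables rules are all assumptions made for the illustration.

```python
"""Per-VM-type allow-list policy, inherited by clones and checked against a
snapshot of listening services.  Added example; all names are hypothetical."""
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Service:
    """One listening endpoint, e.g. Service("tcp", 443)."""
    proto: str   # "tcp" or "udp"
    port: int


@dataclass
class VmPolicy:
    """A white list for one VM type.  Anything not in the effective list is
    blocked (default deny).  `parent` is the template the VM was cloned from."""
    name: str
    allowed: frozenset
    parent: Optional["VmPolicy"] = None

    def effective_allow(self) -> frozenset:
        # A clone inherits its template's allow-list and may only add to it,
        # so a derived VM type can never be more permissive by omission.
        inherited = self.parent.effective_allow() if self.parent else frozenset()
        return inherited | self.allowed


def clone_policy(parent: VmPolicy, name: str, extra: Iterable[Service] = ()) -> VmPolicy:
    """Derive a policy for a VM cloned from `parent`, optionally opening more services."""
    return VmPolicy(name=name, allowed=frozenset(extra), parent=parent)


def parse_ss_output(text: str) -> List[Service]:
    """Parse the listening sockets from `ss -lntu` output (header line skipped)."""
    services = []
    for line in text.strip().splitlines()[1:]:
        cols = line.split()
        if len(cols) < 5:
            continue
        proto, local = cols[0], cols[4]
        port = int(local.rsplit(":", 1)[1])   # handles "0.0.0.0:22" and "[::]:22"
        services.append(Service(proto, port))
    return services


def check_listeners(policy: VmPolicy, listeners: Iterable[Service]) -> List[Service]:
    """Return the observed listeners that the white list does not permit."""
    allowed = policy.effective_allow()
    return sorted((s for s in listeners if s not in allowed),
                  key=lambda s: (s.proto, s.port))


def iptables_rules(policy: VmPolicy) -> List[str]:
    """Render the white list as a default-deny INPUT chain (loopback and
    established traffic are allowed so the host stays usable)."""
    rules = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for s in sorted(policy.effective_allow(), key=lambda s: (s.proto, s.port)):
        rules.append(f"iptables -A INPUT -p {s.proto} --dport {s.port} -j ACCEPT")
    return rules


# Constructed policies (hypothetical VM type names).
BASE = VmPolicy("base-linux", frozenset({Service("tcp", 22)}))
WEB = clone_policy(BASE, "web-frontend", [Service("tcp", 443)])

# Constructed `ss -lntu` snapshot from a cloned web VM; MySQL and SNMP were
# left running by an image build step and are not on the white list.
SS_SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161       0.0.0.0:*
"""

if __name__ == "__main__":
    for v in check_listeners(WEB, parse_ss_output(SS_SAMPLE)):
        print(f"{WEB.name}: unexpected listener {v.proto}/{v.port}")
    print("\n".join(iptables_rules(WEB)))
```

Run against the constructed snapshot, the check reports `tcp/3306` and `udp/161` as listeners the white list does not permit, and the rendered rule set contains only the SSH and HTTPS accepts on top of a DROP default. The inheritance rule (a clone may add to, but never remove from, its template's list) is what makes the cloned policy safe by default.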
So, IT administrators transitioning their systems to the cloud should insist on purpose-built virtual networks that bundle these features and capabilities, so that they get the most out of their data center hardware investment while still enjoying the flexibility and scalability of the cloud.