Some Best Practices In Cloud Security


Security has been the bugbear for Cloud from Day One. A recent IDC CloudView Survey cites security concerns as the number one inhibitor to the adoption of cloud technologies and services. However, it’s a myth that what you keep in your data center is more secure than what you put on cloud.

The current trend in cyber threats points to more vulnerabilities impacting users through man-in-the-middle attacks or bots creating DDoS scenarios, which typical data center architectures are not able to handle. What is more important in today’s world is that every single application workload and its architecture be designed and built for security across each layer, irrespective of where the workload is deployed.

Designing security for cloud workloads is a shared responsibility. If we take the most common use case of Infrastructure as a Service (IaaS), your cloud provider takes complete responsibility for securing the underlying infrastructure that supports the cloud, and you’re responsible for anything you put on the cloud or connect to the cloud. An end-to-end view of security and governance involves planning for security across the various layers of any workload.

Some of the best practices in architecting security for the cloud are:


DDoS Security: Designing and implementing solutions for Distributed Denial of Service attacks

Web Application Firewall: Preventing known application vulnerabilities through a set of policies

Application Vulnerability Assessment and Penetration Testing: Frequent audit of infrastructure and applications to ensure adherence to compliance and security

Unified Threat Management: An integrated solution, typically applied on the application perimeter, that includes a firewall with IDS, IPS and VPN capabilities

Host Based Security: Secures the endpoint instances that host application components and workloads through regular anti-malware, patch management and port-level controls

Data Security & Encryption: Secure data in transit and at rest through the right combination of Key Management and Encryption

Identity and Access Management: Ensure fine-grained user access controls to limit access to only what is needed

While the complexity of security will continue to evolve in the cyber world, where Cloud scores in enabling security and governance is its ability to get security controls well configured within the cloud architecture design.

To sum it up, cloud allows for a higher level of segregation of environments; it enables fine-grained controls for resource access and interactions, stronger encryption and key management, and highly granular and pointed security monitoring and logging; and it enables strong compliance and control through automation.