With more and more organizations choosing to migrate their existing infrastructure to a cloud model, the first move is often to a private cloud for various reasons. Later down the line, however, it may be necessary to migrate again, to a public cloud this time. The reasons for these transitions are numerous, but an evident advantage of hybrid public/private cloud architecture or fully public systems is greatly reduced costs. Utilizing a third-party cloud provider's systems enables greater service flexibility and thus costs that match actual usage.
This transition can be difficult, and managing security on a public or hybrid cloud network can open a whole new can of worms. The risk is particularly high for companies handling information such as payment records or medical information, so the transition needs the right resources to be completed successfully. It is this focus on security during such a transition that is of prime concern to many organizations.
The same difference between private and public cloud technologies that offers cost benefits also leads to security concerns. Security tools tailored for data centers or private networks are not designed for the intricacies of public cloud services. With highly dynamic IP addressing, constant deployment of virtual machines to meet demand, and the corresponding termination of these instances, security models must evolve as well.
Many traditional server networks focus on protecting the group as a whole. While this is a tried and tested, cost-effective method, it is less viable for cloud computing solutions. The security tools used to protect existing networks would not be enough to adequately prevent intrusion once the server is on the cloud, as these utilities were designed for static networks and thus may not be able to handle the dynamic nature of a cloud.
Focus must be given to endpoint protection as well as to perimeter controls such as firewalls. To be effective, threat management must be integrated into every instance that a cloud model plans to construct or deconstruct. Poorly configured or inadequate protection in an image can cause the vulnerability to propagate to every future instance. Repairing such a security hole would require not only time to reconfigure or develop a solution but also terminating and restarting every virtual instance currently running.
An undiscovered flaw in a virtual machine image could be even worse. The vulnerability, instead of being tied to one server, exists in every instance and has even more potential for exploitation.
We are lucky, though, as a great number of software products are already available for protecting a public cloud. When evaluating products, an organization would be looking for a solution that is both adequate and cost-effective. It is not only an assessment of the initial investment, or even annual cost, but one of maintenance, monitoring, and human intervention. How much would the software cost to manage? A seemingly affordable solution may come back to bite with expensive and constant tweaking or unreliability. In the end, a lower initial investment in network security may be a poor decision.
Transitioning to different cloud technologies necessitates a keen eye. Nobody wants their luggage to spill while in transit during their flight; it is the same while transitioning to a different technology. In order to ensure a successful, economical, and calm move to a new platform, one needs to look out for these potential issues and understand them well enough to make informed decisions.