Keeping Private Clouds Private
Containing information within a private cloud is getting more difficult, and creating the "hard" boundaries that keep public, hybrid and private clouds apart has become more of an art than a science--much to the chagrin of the harried IT manager.
June 2, 2011
The term "cloud" has misclassified IT operations as a somewhat nebulous entity, one without boundaries or walls, allowing information to flow freely from endpoint to server to endpoint. However, that implied ideal of global knowledge interchange has become one of the most dangerous enemies to data protection today. Simply put, IT managers need to understand how the cloud can become the downfall of security, especially when private clouds are part of the landscape.
The simplest way to secure a private cloud would be to keep it isolated on its own private network, physically imposing connectivity barriers that prevent interaction with other networks--or, more simply, pulling the plug on Internet connectivity. However, that methodology is impractical in today's connected world, where every endpoint and device is most likely connected to the Internet and other resources.
In effect, this means that private clouds, regardless of how and where they are hosted, will always have some form of connectivity to the outside world. Of course, a properly configured private cloud will incorporate several logical and virtual barriers that are designed to prevent unauthorized access to the content contained within. That’s the theory, at least.
Nevertheless, those managing private clouds have to ask themselves a few questions, including: How can I be sure my cloud is protected from intrusion? Is my firewall, VPN or other security technology effective? How can I remediate any security problems?
It is the answer to those questions that will dictate how to proceed with a security posture that effectively protects the data in private clouds. In many cases, layered protection proves to be the best weapon against intrusions. By weaving together a stateful packet inspection (SPI) firewall, encrypted access (SSL or traditional VPN) and a secure login mechanism, IT managers can achieve some modicum of protection. However, some will wonder if it is enough.
Cases in point are the recent security compromises of Sony’s PlayStation network, Google’s Gmail system and other platforms. These breaches highlight the fact that current security technologies might not be effective enough to protect private clouds.
Luckily for IT managers, the security market is evolving, bringing new technologies to the market that help to prevent, remediate or detect security issues. Of course, the best approach is to avoid a breach altogether--a task that may be impossible but is nevertheless a worthwhile goal to reach for. Here, companies such as Palo Alto Networks are re-engineering firewall technology to be more effective, bolstered by studies showing that current solutions are not fully effective.
Palo Alto is offering new products that seem to be a more effective fit within the cloud community. Naturally, Cisco, Juniper, CheckPoint and many others are also hardening their security products to better protect IT assets, all of which will help make it easier to secure a private cloud.
Nevertheless, security still needs to be validated and maintained, and those tasks usually require auditing, forensics, continual testing and effective monitoring. These tasks usually fall under the realm of compliance officers and security administrators. Luckily, the tools in these arenas are evolving, as well.
For example, networking forensics vendor NIKSUN launched a new forensics platform that promises to give IT managers full insight into network activity. Ideally, administrators could use NIKSUN’s forensics utilities to diagnose breaches, gather evidence and plug holes.
Keeping private clouds private demands that IT managers take a different look at how security is enforced across a network and how interaction between networks is monitored--something that requires effective monitoring and analysis that goes beyond validating firewall and user account settings. The key here is to catch anomalies as they occur--that is, to take a more proactive approach to protection.