Regaining Control In The Cloud

The cloud undercuts data center security, but infrastructure security as a service provides a way to reclaim centralized control.

Lori MacVittie

October 20, 2016

3 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Since the rise of the internet as a medium for business, organizations have protected their digital assets through strategic points of control in their data center. By funneling all traffic through business-controlled devices, e.g. firewalls and application delivery controllers, organizations maintained authority over who could access what, from where, and how.

As "the cloud" rose over business, it's obscured business’ ability to control the flow of traffic. Gone are the traditional checkpoints at which organization’s enforced security and access policies. Gone is the visibility and monitoring from a centralized console. Gone is strategic control.

It is ironic, then, that cloud might be the solution to the problem it has created. The rise of what I call infrastructure security as a service provides organizations with a new way to centralize control without retreating to safety behind clearly marked data center boundaries. While the term has no clearly defined or accepted alternative at the moment, if you wait a minute – like with the weather in Wisconsin --  that’ll change.

Infrastructure security as a service offers the same benefits as traditional solutions without tethering applications to a given, specific location, including solution cloud solution. The abstraction offered by ISaaS provides the agility necessary to move applications and services from one provider to another, without disrupting consumer and corporate users.

Whether for distributed denial-of-service protection, application security, federated identity or single sign on (access), ISaaS takes on the burden of acting as "the endpoint" for consumer and customer apps. Whether those apps are in the data center or in a cloud makes no difference to this growing set of services. By migrating services that have traditionally acted as a strategic point of control in the data center out into the cloud, organizations are empowered, again, to take advantage of the ability to enforce security and access policies consistently across all applications, no matter where they may reside.

null

cloud.jpg

That’s important, particularly with rising volumetric DDoS attacks that are gaining in volume and frequency. With multi-gigabit attack volumes, very few organizations have the bandwidth to absorb such traffic without disrupting business. Cloud answers this problem neatly, with providers offering gobs of gigabits capable of soaking up attacks like a sponge.

But it isn’t just volumetric attacks that are a problem. Attackers have a growing focus on applications, not just to exploit vulnerabilities, but also for unauthorized access. Federated identity and app security solutions "as a service" provide a single, centralized strategic location – off-premises – where organizations ca vet user requests. That it is in the cloud means flexibility and lower costs, both of which are essential in today’s fast-paced, application driven world.

Moreover, this type of abstraction through centralization in the cloud offers greater visibility into access attempts, whether successful or not, by consolidating logs and providing a single source of truth for understanding the application experience.

For organizations that are still early in their cloud journey or those stuck in the middle, wondering where to go next, moving security and access services to the cloud can alleviate the pressure to move apps before the best environment has been selected. Pointing consumers and corporate users alike at a centralized, cloud endpoint means a frictionless migration of applications in the future.

The reason strategic points of control worked to secure against intrusion and unwarranted access was not because they were in the data center, but because they were a core component of the architecture. In distributing apps across the cloud, that architectural foundation has been lost. But it can be rediscovered by taking advantage of infrastructure security as a service.

About the Author

Lori MacVittie

Principal Technical Evangelist, Office of the CTO at F5 Networks

Lori MacVittie is the principal technical evangelist for cloud computing, cloud and application security, and application delivery and is responsible for education and evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she authored articles on a variety of topics aimed at IT professionals. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University. She also serves on the Board of Regents for the DevOps Institute and CloudNOW, and has been named one of the top influential women in DevOps.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights