7/14/2014
12:00 PM
Bill Kleyman
Commentary

How Next-Generation Security Is Redefining The Cloud

Your cloud, datacenter, and infrastructure all contain flexible and agile components. Your security model should be the same.

Cloud computing has become a much more defined platform. There are more use cases, and many more organizations are actively looking at cloud models today than ever before. We have better infrastructure, more resources, and a much more connected user. All of this is fueling tremendous growth in cloud adoption.

For example, the latest Cisco Global Cloud Index report predicts that:

  • Annual global cloud IP traffic will reach 5.3 zettabytes by the end of 2017. By 2017, global cloud IP traffic will reach 443 exabytes per month (up from 98 exabytes per month in 2012).
  • Global cloud IP traffic will increase nearly 4.5-fold over the next five years. Overall, cloud IP traffic will grow at a CAGR of 35 percent from 2012 to 2017.
  • Global cloud IP traffic will account for more than two-thirds of total datacenter traffic by 2017.

This type of growth is driving cloud providers to offer new types of solutions, new ways to distribute data, and even better ways to compute. However, as with any technology that becomes a lot more popular, security concerns are also growing as data traverses the WAN and becomes much more exposed to malicious attacks.

What’s clear is that traditional security is no longer sufficient to protect the modern cloud workload. But what will next-generation security look like? Here are a few ways in which software-defined security is helping redefine the modern cloud:

Logical security abstraction
This is where we begin to separate the logical from the physical. A big part of next-gen security is having the ability to interact with technology at various layers. This means deploying virtual services that directly interact with underlying physical components. In some cases this could be asset management or a virtual service monitoring a remote physical port in a managed services scenario. Similarly, it might mean choosing between a physical appliance and a virtual security appliance. In all cases, the security of your datacenter is going to revolve around how well you can secure the virtual and cloud layer.

Scalable security services
Next-generation security uses various services to control and secure infrastructure data. Application firewalls, API-based client-less security, and network traffic service monitors all provide new levels of security. Imagine having a key application sitting behind a powerful application security engine. This engine heuristically learns how your application operates and halts any anomalous traffic.

Data security and control
It’s not just about securing your information. Because there is so much more data, next-generation security solutions can also help with traffic flow. This could mean pushing traffic to one logical node or another for a variety of reasons. Controls can be set up to manage inbound users and user groups. This creates a dynamic environment where data and users are managed intelligently while they utilize the cloud. What's more, because data and virtual machines are very fluid, agile, and capable of traversing a number of datacenter points, next-generation security is refining how all of this information is controlled and secured as it passes through various cloud points. This will really help advance data security, integrity, and control.

As more IT organizations gravitate to the burgeoning array of new cloud options, security teams will also need to consider what modern technologies they can add to their toolsets. New features and tools for your next-gen infrastructure could include virtual security services, security integration with cloud-based applications, and technologies that ensure that user data is always secure, in motion or at rest.

Regardless of the options or security features you choose to work with, it’s important to understand that there is a lot more data being generated every single day and that this data is becoming a lot more valuable. Next-generation security enables flexibility and diversity within a security offering. Your cloud, datacenter, and infrastructure are flexible and agile components -- your security model should be the same.

  Bill Kleyman brings more than 15 years of experience to his role as Executive Vice President of Digital Solutions at Switch. Using the latest innovations, such as AI, machine learning, data center design, DevOps, cloud and advanced technologies, he delivers solutions ...
 

Comments
QuadStack,
User Rank: Author
7/16/2014 | 1:21:58 PM
Re: Is this happening now?
@Rick - You're right, IoT is going to become a pretty big topic moving forward. Just look at the Tesla as an example. You have a center console built on an Android platform.

With a few "modifications" you can pretty much start launching apps on it (like Windows applications). 

Data integrity, cloud security, and having a solid virtual infrastructure are all critical pieces to creating the next-gen cloud platform. 

Next-generation security revolves around our capability to better secure a very diverse cloud environment. This will mean the combination of virtual and physical technologies. As I mentioned earlier - you can have a physical appliance running 30-40 virtual machines all running a different type of security service. 
Bill Kleyman,
User Rank: Apprentice
7/16/2014 | 1:16:00 PM
Re: Is the hypervisor a future seat of security?
@Charlie - Next-gen security will show up in all sorts of forms. It will be physical and it will be virtual.

Physical appliances will still sit at the gateway. The big difference is that they'll be capable of also acting as security hypervisors. They'll be able to process a massive amount of information by leveraging hardware resources while using virtual security machines to process, quantify and secure data.

The future spells for a much more interconnected cloud environment. This means that more information will be passed through the modern data center. Already we're seeing security platforms like the Citrix NetScaler or Juniper Security products make a direct impact on security and security virtualization. 
QuadStack,
User Rank: Author
7/16/2014 | 1:11:21 PM
Re: Is this happening now?
@Marilyn - Great question! I'll give you an easy example -- Heartbleed. 

A really good friend of mine, working as a security professional at a large enterprise, told me how he was impacted by Heartbleed. Although they had vulnerable services, their IPS/IDS solution spotted the bots and alerted the engineers to shut down services which were being impacted. Although they still released a bulletin to alert their users, the ramifications were much smaller. Virtual security appliances can be application firewalls, virtual firewalls or just security services running within your infrastructure. These powerful agents can create a very good proactive system capable of advanced security monitoring.
Dr.T,
User Rank: Ninja
7/15/2014 | 10:08:00 AM
Re: Is the hypervisor a future seat of security?
Agree. It has to be different because of the fact that threats on the cloud are generally different than on your SME business network.
Dr.T,
User Rank: Ninja
7/15/2014 | 10:05:58 AM
Re: Is this happening now?
Layered approaches are always better than non-layered approaches. We have to assume that the control we put in place will not protect us; what do we need to do next?
Dr.T,
User Rank: Ninja
7/15/2014 | 10:05:05 AM
Re-inventing security
 

I agree with the article. We may have better infrastructure, but the amount of breaches is increasing exponentially every year for both security and privacy. That tells us we are not ahead of the game; the bad guys have better control over it. We have to re-think our security controls and reinvent new ways of protecting ourselves.
kgilpin,
User Rank: Apprentice
7/14/2014 | 7:25:09 PM
Re: Is this happening now?
I'd suggest this SlideShare by Mike Kail, VP of IT Operations at Netflix:

http://www.slideshare.net/mdkail/it-ops-2014-technology-roadmap

They are moving their IT operations completely out of the data center and into AWS, including SOX apps like payroll and accounting. That means:



* No more Active Directory

* No more "trust the perimeter" (aka "crunchy exterior with soft chewy center") approach to security

* Zero trust between internal services

* Layered authorization internally, both for end-user auth and for access to services (ssh, service-to-service authorization)

 
RickDelgado,
User Rank: Apprentice
7/14/2014 | 6:20:58 PM
Re: Is this happening now?
I'm also interested in a specific example of next-gen security. Bill makes a good point that with so many advances in the cloud, big data, IoT, it's time for security to become more dynamic as well. 
Charlie Babcock,
User Rank: Ninja
7/14/2014 | 3:53:11 PM
Is the hypervisor a future seat of security?
Bill is onto something; security in the cloud will be different. But I can't quite tell where he thinks the differences will show up and in what form? For example, I would think an inspection engine as part of the virtual machine hypervisor would be in order as a key vantage point.
Marilyn Cohodas,
User Rank: Strategist
7/14/2014 | 1:34:52 PM
Is this happening now?
Interesting food for thought, Bill. But is this happening now? Can you paint us a picture with some real-world examples of how "the" cloud or "a" has been redefined by next gen security?