Cloud Security: You can get there from here!

If you have ever asked for directions while driving in Boston, then you have undoubtedly been told “you can’t get there from here”. It sounds silly, but after driving around in circles you become convinced the saying is true. But of course most of you do eventually work your way out of the maze and get where you’re going.

I think of this when talking with security professionals responsible for protecting the business while critical data center applications are migrated to the cloud. It seems like no matter what route to the cloud IT chooses to improve the business, security and compliance teams are there to raise objections and point out why unresolved security issues means “they can’t get there from here”. The result is that the business gets there anyway, and security hustles after being left behind to do the best they can securing what they can. I’m sure each of you has lived this.

Business incentives to get to the cloud are steadily increasing for you, so the sooner you get ready the better off you will be. For instance, in some cases your business will push applications to the cloud to save operating expenses by having fewer data centers, enhance performance by pushing key components of an application closer to your users, or improve global availability by leveraging your cloud provider’s distributed infrastructure. Whatever the rationale, you’ll have to deal with complex applications (web servers, data bases, computation engines, network security policies) and you’ll have to respond quickly when IT is ready to move.

Fortunately, there are some approaches that are working better than others. Here are three that I suggest you consider in being sure you can get your data center applications securely to the cloud.

1. Focus security strategies on hybrid clouds. It is likely that none of your applications are going to go directly to the public cloud providers. You will always have on-premise components – you may place customer interfaces and computational logic in the cloud, but keep data bases in your own data centers for example. Or you may just keep private cloud deployments operational for a couple of quarters as a backup. Focus your network security planning on the hybrid cases with connectivity between public and private components.
2. Move away from IP addresses and port numbers in network security policies. It will quickly become apparent to you that tracking application components by IP address or protocols by port number is going to be a nightmare as applications appear across your network and those of your cloud providers. Use the time now to fully understand the complexity of your most mission critical applications and express network security policies in terms of component names and protocols. It will become much easier to map your network security policies into cloud provider environments if you get this done before IT thinks of moving the application to the cloud!
3. Use automated tools to ensure consistency. You will need your network security policy to be consistent across your private cloud and all cloud providers you utilize. That will be very difficult to achieve without the use of technology to ensure that network security is being applied to your satisfaction, and not that of your cloud providers. Leverage  solutions that discover application components and analyze network security devices to assure compliance with your standards. It just doesn’t make sense anymore to try to manually sort out all of the application complexity across clouds.

There is no hybrid approach to security when migrating applications to the cloud – responsibility stays totally with you. It is up to you to deploy network security policies that can apply to new cloud environments at the speed of business. Start now with these steps to favorably position to help IT “get there from here”. And that’s a good place for security to be!