Security in the cloud is a rapidly growing field, with any number of IT vendors either reinforcing existing security products or introducing new ones to the market. By exchanging an on-premises datacenter for a hosted server farm in some far-off location, and giving workers the ability to use tools and access data via the browser, businesses can become more agile; but the move introduces complex elements that IT administrators never had to consider even five years ago.
CloudPassage is one of those companies designing security products for cloud environments. “People are trying to recreate a traditional architecture, but that limits the ability of the cloud,” Rand Wacker, Vice President of Product at CloudPassage, said during an interview at the Cloud Expo 2012 in New York City. Its CloudPassage Halo offers the ability to safely deploy servers (in both public and hybrid clouds) at scale.
CloudPassage Halo, he insisted, was built from “the ground up” to handle the more dynamic nature of the cloud; its offerings include automated policies for securely cycling up cloud infrastructure: “Anytime a new server gets spun up, that gets enrolled in the right group, with notices of what needs to be changed, configuration files, and so on.” Security breaches, he added, often stem from configuration errors that administrators never correct—hence his company’s focus on notices and warnings if a particular configuration is out of sync.
CloudPassage was using the Cloud Expo to tout its new two-factor authentication for cloud servers, using a mobile phone as a second factor. While that level of authentication is relatively common for private servers, Wacker said, it’s “hard to do in the cloud without additional infrastructure.”
When prompted, Halo GhostPorts SMS (which works with most major Linux and Windows operating systems) sends a text to the user’s phone; CloudPassage also temporarily opens up a server management port for the user’s IP address. In theory, that makes the server port inaccessible to malware and those with devious intent. SMS works with regular cellphones as well as smartphones, and users can also use USB keys if preferred.
Of course, there are other factors to consider in cloud security. For public clouds, data encryption, knowledge of the geographic location where your data resides (and the privacy regulations associated with that location), penetration tests, and proper accreditations are all necessary for keeping data safe. With private clouds, security monitoring, exacting configuration management, incident response and e-discovery are all vital tools.