Security and The Cloud
Don’t worry, this isn’t going to be another post on how security is holding up cloud adoption or how the cloud is destroying security. There is already too much negativity in the reporting of security news (some would say all news). I do, however, want to discuss how security is changing due to the cloud and cloud technologies. In my opinion, cloud computing is actually good for security.
What’s in a word
I probably use the word “cloud” too much. I realise it’s an industry buzzword for something that has been around for ages, but it works. Call it Outsourcing, Virtualisation, SaaS or Utility Computing; they are all variations of Internet computing on machines that you do not directly own and have just licensed for the time that you need.
The ring of steel
For years security experts have been saying that companies should stop using the idea of a ring of steel around their internal network. The concept that you are either connected to the internal (trusted) network or the external (untrusted) network is very outdated and just doesn’t work with today’s computing use, but companies still insist on using it.
While people have tried to adapt this topology to greater granularity with “Chinese firewalls” (let’s separate accounts from development), people will continue to have to move data around between areas of the business to do their work, and it quickly becomes an IT vs Business battle.
With more companies needing to get company data outside the building, either to access it from a smartphone or to share it with another company, the whole procedure falls down altogether.
Smaller rings
One solution is to take the model to its ultimate conclusion: a ring of steel for each machine/job/task. Until now this has been impossible from a practical standpoint, but now that companies are moving to cloud and virtual environments, resources can be configured in any way needed. No longer are you required to physically move cables in the patch room to change a network’s topology. Instead of one server with one operating system running web, email and any number of other tasks, you can have that same server with many operating systems, all locked down to do their one job well. Most servers in the cloud and virtual environments come with their own firewall and authentication mechanism that can be easily managed en masse. How many hardware server rooms can say that?
Outside is inside
Given this new model there is no need to have a “corporate firewall” on the edge of your network at all. Why not let the internet in? This is in fact what we do at Dogsbody Technology. Every machine on the network is public and even internal switching is treated as public. If we want to move a private file from one machine to another it needs to be done in a secure/encrypted way. While that sounds like a lot of work, it really isn’t. You save on a lot of infrastructure by not having to worry about a locked-down network, and while it does take a while to set up safe transfer methods, once you are set up there is no difference between transferring a private file to the computer next to you and transferring it to a computer on the other side of the world.
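One way to check a set of per-host firewall rules against this model, as an added example that is not Dogsbody Technology's own tooling: it flags any allowed service that does not enforce encryption and authentication itself, and notes when the rule is leaning on an "internal" source range for its safety. The rule format, host names and the `secure` flag are assumptions made for the illustration, and the sample inventory is constructed.

```python
import ipaddress
from collections import defaultdict

# Ranges a perimeter design would treat as "inside": RFC 1918 plus IPv6 unique-local.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample inventory: host, allowed source, port, and whether the
# service on that port enforces both encryption and authentication itself.
SAMPLE_RULES = [
    {"host": "web1",   "source": "0.0.0.0/0",      "port": 443,  "secure": True},
    {"host": "web1",   "source": "0.0.0.0/0",      "port": 22,   "secure": True},
    {"host": "db1",    "source": "10.20.0.0/16",   "port": 5432, "secure": False},
    {"host": "files1", "source": "192.168.1.0/24", "port": 445,  "secure": False},
    {"host": "files1", "source": "0.0.0.0/0",      "port": 21,   "secure": False},
    {"host": "files1", "source": "fd12:3456::/32", "port": 22,   "secure": True},
]

def is_internal(cidr):
    """True when the whole source range sits inside an 'internal' block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == block.version and net.subnet_of(block)
               for block in INTERNAL)

def audit(rules):
    """Return {host: [(port, finding), ...]} for rules that break the model."""
    findings = defaultdict(list)
    for rule in rules:
        if rule["secure"]:
            continue  # protected by the service itself, wherever the peer is
        if is_internal(rule["source"]):
            reason = "relies on source network being trusted"
        else:
            reason = "unprotected service reachable from outside"
        findings[rule["host"]].append((rule["port"], reason))
    return dict(findings)

if __name__ == "__main__":
    for host, items in sorted(audit(SAMPLE_RULES).items()):
        for port, reason in items:
            print(f"{host}:{port} {reason}")
```

Rules restricted to an internal range are not flagged when the service is also secure; the source restriction is then an extra layer rather than the only one.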
Not the end of the story
Of course, like all security, this is not the end of the story and will not fix all your issues. Monitoring and company policy are still required to stop, find and block exceptions, but we’ll discuss that in a separate blog post.
If you have any questions or comments regarding this post then please do leave a comment below or contact Dogsbody Technology for more information.