3 ways to build a more secure private cloud

Lior Cohen Cloud security evangelist, Fortinet

More and more business operations, including the management of physical devices and offices, occur in the public cloud. In fact, 94% of organizations now use the public cloud for some or all of their infrastructure, according to the 2019 Cloud Computing Trends survey.

But the public cloud isn't appropriate for everything. There are plenty of critical use cases for larger organizations—which need sizable amounts of compute resources—that require creating and maintaining private clouds as well.

The challenge for IT teams is that these private clouds include virtual compute infrastructures that are completely independent of the physical network and are therefore not necessarily bound to physical locations.

This creates new burdens. Securing the compute infrastructure of a private cloud is more abstract than doing so for physical networks, because the placement of devices does not indicate their function and role within the cloud infrastructure.

A cloud infrastructure is much more fluid and dynamic. That means data, complex applications, and workflows moving between virtual and physical servers need to be clearly understood in order to be protected. Security solutions also have to address issues such as hyperscale and dynamic configuration changes. 

Here are key methods to lock down the security of private clouds.

1. Ensure performance of your virtual security

Performance is one of the first challenges. Data moving in and out of any data center represents only about 20% of total data center traffic.

Most traffic flows "east-west" between devices in the data center, which means that security inside your private cloud data center needs to provide both scale-up and scale-out capabilities. This will tackle the dynamic nature of workflow communications, and aggressive security processing and scaling requirements. 

This heavy volume of east-west traffic in private cloud data centers is part of the reason most data breaches remain undetected for months or longer. It means that private cloud security needs not only to begin with smarter and faster security devices, such as performance-enhanced next-generation firewalls, but these devices must also operate consistently in both physical and virtual form factors.

Your security platforms need to communicate seamlessly, regardless of where they are deployed, to ensure consistent policy enforcement even when securing complex, cloud-based traffic and configuration challenges.

Choose the right firewall

There is much more to developing a virtualized firewall than simply porting its code to a VM form factor. Selecting the right virtualized firewall can have a significant impact on the security and performance of your private cloud environment.

Security tools being considered should be able to:

  • Leverage a wide variety of hardware acceleration capabilities, such as SR-IOV, DPDK, and QAT.
  • Integrate seamlessly with private cloud orchestration and automation frameworks.

Be consistent. A virtual firewall should include the exact same functions and services as its physical counterpart. Policy enforcement and configuration should be identical, and communications between solutions deployed in different form factors should be seamless.

2. Automate cloud security

Because these environments continuously change, it is simply impossible for human IT managers to keep up. Security solutions that have to constantly operate in reaction mode to changes in the network introduce security gaps that can be predicted and exploited.

Instead, a security solution needs to be directly integrated with the underlying compute infrastructure so that dynamic changes occur in network and security devices simultaneously. And those changes need to be fully automated so security policies can remain applicable at the speed of the cloud.

Automation also needs to address issues such as correlation and response coordination among different security devices and constant communication with the extended security fabric deployed across the rest of the distributed network.

Also ensure that your automation tracks updates and configuration changes, to address new threats or regulatory requirements provided by your central security management and orchestration system.
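The consistency requirement from section 1 (identical policy on physical and virtual firewalls) and the automation requirement above (security policy that follows infrastructure changes without a human in the loop) are both served by treating policy as code and reconciling it continuously. The script below is an added example, not code from the article or from Fortinet; the workload inventory, the rule format, and the two enforcement points are constructed for illustration and do not represent any vendor's API. It expresses intent by workload tier rather than by address, expands that intent into explicit east-west rules from the current inventory, and reports per device which rules are missing and which are stale.

```python
"""
Added example (not from the article): a policy-as-code reconciler for a
private cloud. Intent is written against workload tiers, expanded into
explicit rules from the orchestrator's inventory, and diffed against what
each enforcement point (physical or virtual) currently holds.
All inventory, rules and addresses below are constructed sample data.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Rule:
    src: str      # source workload address (constructed sample values)
    dst: str      # destination workload address
    port: int     # TCP port the flow is allowed on
    action: str   # "allow" (deny-by-default is assumed on the device)


# Constructed inventory, in the shape an orchestrator would publish on
# every create/move/delete event for a workload.
INVENTORY = [
    {"name": "web-1", "ip": "10.0.1.10", "tier": "web"},
    {"name": "web-2", "ip": "10.0.1.11", "tier": "web"},
    {"name": "app-1", "ip": "10.0.2.10", "tier": "app"},
    {"name": "db-1", "ip": "10.0.3.10", "tier": "db"},
]

# Intent is tier-to-tier, so it stays valid when workloads are added,
# moved between hosts, or re-addressed.
INTENT = [
    {"from": "web", "to": "app", "port": 8443},
    {"from": "app", "to": "db", "port": 5432},
]

# Constructed current state of two enforcement points that should be
# identical. The virtual firewall missed one scale-out event and still
# carries a rule for a decommissioned app node.
CURRENT = {
    "fw-physical": {
        Rule("10.0.1.10", "10.0.2.10", 8443, "allow"),
        Rule("10.0.1.11", "10.0.2.10", 8443, "allow"),
        Rule("10.0.2.10", "10.0.3.10", 5432, "allow"),
    },
    "fw-virtual": {
        Rule("10.0.1.10", "10.0.2.10", 8443, "allow"),
        Rule("10.0.2.10", "10.0.3.10", 5432, "allow"),
        Rule("10.0.9.9", "10.0.3.10", 5432, "allow"),  # stale
    },
}


def desired_rules(inventory, intent):
    """Expand tier-level intent into the explicit rule set for this inventory."""
    by_tier = {}
    for workload in inventory:
        by_tier.setdefault(workload["tier"], []).append(workload["ip"])
    rules = set()
    for item in intent:
        sources = by_tier.get(item["from"], [])
        destinations = by_tier.get(item["to"], [])
        for src, dst in product(sources, destinations):
            rules.add(Rule(src, dst, item["port"], "allow"))
    return rules


def drift(desired, current):
    """Return (missing, stale): rules to add and rules no longer backed by intent."""
    return desired - current, current - desired


def reconcile(inventory, intent, current_by_device):
    """Compute the change set every enforcement point needs to converge."""
    desired = desired_rules(inventory, intent)
    report = {}
    for device, current in current_by_device.items():
        missing, stale = drift(desired, current)
        report[device] = {"add": missing, "remove": stale}
    return report


if __name__ == "__main__":
    # Run once per inventory event; an idle device yields two empty sets.
    for device, changes in reconcile(INVENTORY, INTENT, CURRENT).items():
        print(device)
        for rule in sorted(changes["add"], key=lambda r: (r.src, r.dst)):
            print("  + allow", rule.src, "->", rule.dst, "tcp", rule.port)
        for rule in sorted(changes["remove"], key=lambda r: (r.src, r.dst)):
            print("  - stale", rule.src, "->", rule.dst, "tcp", rule.port)
```

Running `reconcile` on every orchestrator event, rather than on a schedule, is what keeps the security change simultaneous with the infrastructure change; a non-empty `remove` set on one device and an empty one on its peer is exactly the physical/virtual inconsistency the article warns about, and is worth alerting on rather than silently correcting.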

3. Integrate security for the dynamic cloud

To ensure comprehensive single-pane-of-glass visibility and a control system for all cloud environments, it's important that organizations implement a comprehensive, integrated security architecture.

Because private clouds are built on a virtual infrastructure, it is also important that security solutions be available in—and designed for—virtual form factors that include all the features of the physical version. This enables effective protection for both north-south and east-west network traffic, can automatically adapt and scale to dynamic virtual environment changes, and can make compliance proactive rather than reactive. 

Keep security at the fore regardless 

Private cloud offers significant business value to organizations that regularly leverage compute resources at scale for their ongoing business operations. These clouds offer potential and new opportunities for businesses across sectors, but also come with unique security challenges.

Evaluating the solution your business implements according to the three primary criteria outlined above will go a long way toward ensuring that you can take full advantage of all the private cloud offers while keeping security at the forefront.
