As a result of cloud computing having a profound impact on the information security industry and the Everything-as-a-Service movement, cloud security now requires increased adaptability, virtualization and integration.
Adaptability for scale and infrastructure can be realized through avoiding “cloud washed” solutions—previously existing technology marketed with the addition of “cloud” in the title. When considering security solutions, ask yourself the following questions.
Q: Can it run in a third party environment?
A: Many providers say their solution is cloud but what they mean is only in a private cloud or on-premises.
Q: Does it autoscale?
A: Cloud solutions should scale both up and down to handle shifting loads and traffic patterns.
Q: Has it been built from scratch in the cloud or ported?
A: Ported solutions that are modified to run in a virtual environment are not cloud solutions.
Q: Does it require you to buy software licenses?
A: Software licenses that you buy and then pay yearly maintenance for are not cloud solutions; if it isn’t Software-as-a-Service (SaaS), stay away.
Q: Does it sit up in the cloud or just on the edge of your network?
A: Security that protects your LAN from the cloud is not cloud security; it’s LAN security. The right cloud solutions exist in the cloud in their entirety.
To uncover what five principles cloud security solutions should adhere to and what integration with your cloud provider can reveal, read “Cloud Security is a Joint Venture” by Alan Shimel of DevOps.com in the first issue of Zero Day magazine. Read the full article and subscribe here.