Last month, we had the pleasure of hosting a webinar on Hybrid Datacenter Security with friends from Rook Consulting and Microsoft Azure. One topic that we spent a few minutes discussing in the webinar, and that is worth recapping here, is whether and how the application stack changes as you move to the cloud and, if it does change, how that impacts security. The conversation around this topic had two big themes: what’s happening today and what could happen in the future.

Today, hybrid datacenters cause security responsibilities to change

In traditional, on-premises environments, customers are responsible for security and compliance for the entire application stack and have complete control and visibility over everything from physical security to operating system patching to network security. As customers move to the cloud, some of that responsibility shifts to the cloud provider. The extent to which that shift occurs depends on whether they’re using infrastructure services like virtual machines, platform services like mobile services and websites, or software as a service like Office 365 and Salesforce. In the end, though, the greatest change today is not to the security requirements themselves, but rather to who is responsible for implementing and managing them.
While responsibilities may vary a bit between cloud service providers, the diagram below is intended to illustrate typical responsibilities for the cloud service provider and their customers.
In the future, cloud will drastically change the application stack and that will drastically change security requirements

Today, moving applications and services to the cloud doesn’t dramatically change their function. For example, if you move your physical data center into a cloud environment where you virtualize all of your computer instances and start using cloud storage instead of your typical enterprise storage systems, it’ll work just as well as it did in your data center and you’ll get the benefits of cloud computing like lower cost infrastructure and increased flexibility. What we believe will happen in the future, though, is that developers will look for even greater benefits in the cloud, and while that will be good for development, automation and scale, it’ll bring new security-specific challenges. For example, in enterprise data centers, at some point all traffic in or out of the data center goes through some sort of gateway. From a security perspective, that’s useful because it’s a choke point that all the traffic has to funnel through and where it can easily be filtered.

The cloud, however, is much more distributed and will give developers more flexibility in how they build their applications and leverage different application layers and cloud services. Instead of a single gateway where you could place a firewall and be safe, new cloud-aware security solutions that understand changing cloud infrastructure will be required.

View the on-demand webinar

There was more to the application stack discussion and hybrid data center security in general. If you’re interested in hearing more, check out the on-demand webinar on the Alert Logic BrightTalk Channel anytime. We’re curious to get your thoughts. Do you agree or disagree that cloud is changing security responsibilities today and will dramatically change security infrastructure in the future? Let us know by using the Comments box below.