A Guide to Public Cloud Security Tools
Why is an arrangement of servers—which are constructed of hard metal, tend to run hot and weigh thousands of pounds—called a “cloud”? It only makes sense from the standpoint of an engineering diagram, in which data travels by an undefined pathway from origin to endpoint. In that respect, the cloud refers to the randomized packet transfer protocol that underlies modern computing.
Although no one can know with certainty where the term “the cloud” originated, it’s clear what it represents. “The cloud is a metaphor for the Internet,” Cloud Camp co-founder Reuven Cohen told the MIT Technology Review in 2011.”It’s a rebranding of the Internet.” But for those with a security-first mindset, that metaphor is a problem. The Internet is a dangerous place that is filled with malicious people who enjoy misappropriating or damaging data. Storing private company and customer data anywhere on the Internet is a potentially hazardous course of action without the proper security controls firmly in place.
Private vs. Public Cloud
Private clouds are exclusive to a single enterprise—such as an enterprise company’s internal storage system. They are usually easier to secure but not as flexible in terms of rapid scalability. Private clouds also tend to have higher capital and operational costs. Public clouds, on the other hand, are operated by third parties that usually offer the cloud as service. Some of the most recognizable names are Amazon Web Services, Microsoft Azure and Rackspace in addition to the Google Cloud Platform and IBM’s cloud service.
Private Cloud Security: Riskier Than You Think
As Roger A. Grimes notes at InfoWorld, both private and public clouds come with risks. Private clouds may seem safer at first because they are under the enterprise’s tight control, but one of the biggest drawbacks is that many companies cannot afford the same level of security as Amazon or IBM. Even a company’s own employees are risk factors—they might do malicious acts or cause unintentional accidents. Private cloud networks rarely have geographic failover options, so all of its valuable data is more at risk. Public clouds, on the other hand, are supported by data centers all around the world—often making them more secure and efficient.
Public Cloud Security: Still Facing Challenges
Still, businesses typically consider these three specific security concerns when deciding whether to use public clouds:
- Multitenancy: Sharing a cloud with other businesses—especially competitors—is the top concern of many corporate executives. Companies in public clouds must be confident that neither their private data nor their customer data will leak into other users in the space.
- Virtualization: Exploits are grabbing headlines with increasing frequency. As identities across devices have become more fluid, access and authentication systems are having to work harder to approve the right users.
- Ownership: Many public cloud providers are silent on the issue of ownership in their user agreements—leaving open the possibility that they could try, for example, to profit from the storage of the data.More on the subject:
There are many ways to approach these challenges. The U.S. National Highway Traffic Safety Administration, for example, found a way to make the public cloud safe and accessible in less than one month by using some of the latest cloud security tools. The rapidly growing industry of cloud security firms and related software—such as those listed below—is evidence of the fact that cloud security is entering a new era. Businesses looking into public cloud solutions may want to explore these options as additional ways to protect their data.
The Top Public Cloud Security Resources
- AppRiver – looks at messaging security for SaaS-based e-mail and web tools
- Awareness Technologies – brings its SaaS-based DLP model to analyze mobile and the cloud
- Barracuda Web Security Service – offers malware protection, URL filtering and application control
- Bitglass – acts as a cloud-access security broker to secure applications and mobile devices
- Bitium – handles identity and access management for BYOD and BYOA
- BitSight Technologies – analyzes data on security behaviors and rates companies on security effectiveness
- CipherCloud – handles encrypting or tokenizing data directly at a business gateway
- Delinea – centers on identity management across devices and applications
- Dome9 – examines firewall rules, IP address tables and ports to look for unusual web traffic
- Evident.io – provides cloud security in partnership with AWS
- ForgeRock – protects enterprise, cloud, social and mobile applications by identity access management
- HyTrust – delivers access control, policy enforcement, hypervisor hardening and logging
- IntraLinks – protects critical content and enables client control over data
- Kismet – passively traces cloud machines while leaving no logs or traceable packets
- Logz.io – users can create proactive alerts on selected events and relevant dashboards to aggregate and view data trends and monitor security threats including password brute force detection, access control and network access
- Metasploit – takes a cloud IP address and tests penetration to assure that security is in place
- MyPermissions – sends out alerts whenever apps or services try to access personal data
- Nessus – operates as an open source vulnerability assessment tool
- Nmap: the Network Mapper – tests penetration by scanning networks for congestion and latency
- Netskope – discovers any cloud apps and shadow IT used on your network
- Okta – manages logins across all cloud applications including Google Apps, Salesforce, Workday, Box, SAP, Oracle and Office 365
- Proofpoint – focuses specifically on email to protect inbound and outbound data
- Qualys – scans any and all used web apps for vulnerabilities in SaaS, IaaS and PaaS tools
- SilverSky – offers email monitoring and network protection for HIPAA and PCI compliance
- Skyhigh Networks – discovers, analyzes and secures cloud apps with logs from existing firewalls, proxies and gateways
- Netshieldcorp – flags and stops access to high-risk data ports such as webcams, microphones, GPS and USB
- WhiteHat Security – mimics threats to avoid coding vulnerabilities on websites
- Zscaler – monitors all the traffic that comes in and out of your network along with protecting iOS and Android devices
Public cloud security is only going to become more important with each passing year. Just look at these data points from Forbes reporter Louis Columbus:
- Worldwide spending on infrastructure as a service (IaaS) is expected to reach $16.5 billion in 2015, an increase of almost 33 percent from the prior year
- Cloud applications will account for 90 percent of global mobile data traffic by 2019, compared to 81 percent at the end of 2014
So, with these trends in mind, how do you plan to secure your public cloud? I invite your thoughts in the comments below.
Note: This post originally appeared on DevOps.com.
Get started for free
Completely free for 14 days, no strings attached.