IT security is a very complicated area of cloud computing. From one point of view, security could improve due to centralization of data and increased security-focused resources. On the other hand, concerns can persist about loss of control over certain sensitive data, and the lack of security for stored kernels. In other words, you will be trusting your security to the cloud provider. If that provider hasn’t done a good job securing its own environment, you could be in trouble. Measuring the quality of a provider’s approach to security is difficult because many cloud providers don’t expose their infrastructure to customers.
Neil MacDonald, vice president at Gartner, explains that security must be an integral, but separately configurable part of the private cloud fabric, designed as a set of on-demand, elastic and programmable services. To achieve this, cloud security must display six different attributes:
1. On-Demand Elastic Services
Security needs to be delivered as a service rather than as a set of products siloed within physical appliances. Like other cloud services, it needs to be delivered ‘on demand’ to protect data and projects when and where protection is needed.
2. Programmable Infrastructure
The security services that are applied across the cloud must be open to being programmed. With programmable security infrastructure, the services should be accessible using RESTful APIs that are programming language and framework independent.
3. Logical Security Policies
As security services are deployed in virtualized data centers and then private clouds, security policies need to be decoupled from physical infrastructure and tied to logical rather than physical attributes. By removing static security policies (associated with static attributes), the security assessments will be delivered quicker as well.
4. Adaptive Trust Zones
By creating trust zones, or logical groups of workloads, better and more efficient security can be delivered. This is in contrast to a security infrastructure where policies are applied on a VM-by-VM basis.
5. Configurable Security Policy Management
You should be able to configure security levels as your applications move from on-premise to private clouds. Software controls need to be maintained when they are virtualized, and the separation of duties assigned to the software should also be maintained.
6. ‘Federatable’ Policies
Although there are no established standards at the moment, private clouds will be adopted incrementally, so security policies would need to apply not only to private clouds but also to the remaining infrastructure, both virtualized and physical, and be able to cooperate intelligently.
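Attributes 3 and 4 above, sketched as an added example that is not part of the original article: rules are written between trust zones selected by logical labels, so a VM's IP address never appears in a policy. The zone names, labels, ports and helper functions are assumptions made up for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str              # physical attribute: changes when the VM migrates
    labels: frozenset    # logical attributes, e.g. {"tier=web", "env=prod"}

# Trust zones (hypothetical): a workload is in a zone if it carries
# every label in the zone's selector.
ZONES = {
    "web-prod": frozenset({"tier=web", "env=prod"}),
    "db-prod": frozenset({"tier=db", "env=prod"}),
    "dev": frozenset({"env=dev"}),
}

# Zone-to-zone allow rules: (source zone, destination zone, port).
# Anything not listed is denied.
ALLOW = {
    ("web-prod", "db-prod", 5432),
    ("dev", "dev", 5432),
}

def zones_of(w):
    """Zones whose label selector is a subset of the workload's labels."""
    return {zone for zone, selector in ZONES.items() if selector <= w.labels}

def is_allowed(src, dst, port):
    """Default deny: allowed only if some zone pair has a matching rule."""
    return any((s, d, port) in ALLOW
               for s in zones_of(src) for d in zones_of(dst))

def migrate(w, new_ip):
    """Simulate a VM move: the IP changes, the labels do not."""
    return replace(w, ip=new_ip)

# Constructed sample workloads.
WEB = Workload("web-1", "10.0.1.5", frozenset({"tier=web", "env=prod"}))
DB = Workload("db-1", "10.0.2.7", frozenset({"tier=db", "env=prod"}))
DEV = Workload("dev-1", "10.0.3.9", frozenset({"tier=web", "env=dev"}))
UNLABELED = Workload("tmp-1", "10.0.4.2", frozenset())

if __name__ == "__main__":
    for src in (WEB, migrate(WEB, "10.9.9.9"), DEV, UNLABELED):
        print(src.name, src.ip, "-> db-1:5432", is_allowed(src, DB, 5432))
```

The decision for `web-1` is the same before and after the migration because no rule references its address, while an unlabeled workload falls into no zone and is denied.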
That was an introduction to cloud computing, depicting just the basic concepts. In the next tutorial we will look at JBoss's solutions for cloud computing. Stay tuned!