New Types Of Cloud Need New Types Of Security

Once installed and configured, administrators are able to apply firewall rules and policies to any connection that can access public, private or hybrid cloud services. A small (3MB) security daemon works with CloudPassage’s computing grid to enforce rules, policy and monitor for intrusions.

CloudPassage also has added a physical aspect to cloud security such as a USB key that creates a one-time password for each session. This also may become a trend as time goes on.

USB Security

“What we’ve done is create a cloud-ready platform that handles automatically all management and policy controls with a combination of a lightweight host-based agent and software as a service grid,” Rand Wacker, vice president of products at CloudPassage, told eWEEK.

Tighter security like this is becoming mandatory, with all the system break-ins that seem to be happening more frequently around the world.

“When people look at adding security to a cloud system, they generally think they’re buying a slice of something,””CloudPassage founder and CEO Carson Sweet told eWEEK.  “So now we’re doing full-blown dynamic firewall management, multi-cloud. We’re going to cross-cloud (systems) now, so we can have servers in EC2 (Amazon’s Elastic Compute Cloud), in Rackspace and in Terremark with one policy over all of them. The most interesting aspect of all of this continues to be that it all just works in the cloud.”

Security doesn’t work the same way in public and private cloud environments as it does in on-site data centres.

“When individual servers, especially in a cloud system, become vulnerable, you can clone those things so fast. And when you clone one of those servers, you’re also cloning every vulnerability,” Sweet said. “Pretty soon, a big cloud server farm can begin to look like a chunk of Swiss cheese. You replicate the problems along with the actual server.”

As an example, Sweet told of one legendary cloud server he knew about “that was just plopped out there. We called it Typhoid Mary because when that started to get replicated, it was really bad news.” He wasn’t at liberty to tell exactly which system was affected, but it was a large one—and it became a huge mess, he said.

“The interesting thing is that we have gotten away with this in the data centre for years, because of the firewalls and other security on the hardware devices,” Sweet said. “But you can’t do that in the cloud.”