How well are Web applications protected?
Certainly, the least secure aspect of any cloud deployment is its Web applications and how they are connected to the rest of the cloud-based infrastructure. The challenge is to virtualize as many of the protective devices and applications as are available for on-premises servers, such as load balancers, intrusion prevention appliances, and firewalls. The major cloud providers are beginning to add these tools to their list of services so that IT developers can migrate their applications to the cloud and still maintain the level of security that they have come to expect from the ones running inside their own data centers.
For example, Amazon's cloud-based servers can't send spoofed network traffic, no matter which operating system they are running. The Amazon firewalls will only allow a server to send traffic that uses its own source IP or MAC network address, which is a nice safeguard.
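The source-address rule described above can be sketched as an egress check applied to each outbound frame. This is an added example, not Amazon's implementation or code from the article; the function names, MAC addresses and IP addresses are constructed for illustration.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800

def mac_bytes(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to its 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def egress_allowed(frame, assigned_mac, assigned_ip):
    """Return (allowed, reason) for one outbound Ethernet frame from an instance.

    Assumption: the filter knows the single MAC and IPv4 address assigned to
    the instance. Anything it cannot parse or does not handle is dropped.
    """
    if len(frame) < 14:
        return False, "truncated ethernet header"
    src_mac = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if src_mac != mac_bytes(assigned_mac):
        return False, "source MAC not assigned to instance"
    if ethertype != ETHERTYPE_IPV4:
        # Fail closed: ARP, IPv6 and VLAN tags need their own source checks.
        return False, "ethertype not handled by this example"
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return False, "malformed IPv4 header"
    src_ip = ipaddress.IPv4Address(ip[12:16])  # bytes 12-15 hold the source
    if src_ip != ipaddress.IPv4Address(assigned_ip):
        return False, "source IP not assigned to instance"
    return True, "source MAC and IP match assignment"

def build_frame(src_mac, src_ip, dst_ip="192.0.2.10"):
    """Build a minimal Ethernet + IPv4 frame (constructed sample data)."""
    eth = (mac_bytes("02:00:00:00:00:fe") + mac_bytes(src_mac)
           + struct.pack("!H", ETHERTYPE_IPV4))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

# Constructed assignment for one instance (documentation address ranges).
MAC, IP = "02:00:00:00:00:01", "198.51.100.7"

if __name__ == "__main__":
    for mac, ip in [(MAC, IP), (MAC, "203.0.113.99"), ("02:00:00:00:00:02", IP)]:
        print(mac, ip, egress_allowed(build_frame(mac, ip), MAC, IP))
```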
Bryan Doerr, the CTO of Savvis, a cloud hosting provider based in Town and Country, Missouri, talks about how automation can play a critical role in cloud security. "We can automatically provision stuff quickly, but what we can't do is make decisions quickly. How long will it take me to add capacity to this app? How long to recognize a failure and respond? Now that we have all this infrastructure virtualized, and [have] automated these changes, we need to automate the decision making too. We need to close the loop from sense to decision. Virtualization has freed us from manually patching cables and setting up racks of equipment. We have to make these decisions in advance, define them in terms of policy, and then express those in terms of guides for our provisioning systems. The trick is to figure out how to help customers get down the road." Racemi's DynaCenter is just one of the many automation tools available for these sorts of tasks.
Finally, no matter what you do, don't be afraid to kick the actual tires and make a site visit to vet your vendor. "We made a personal visit to our cloud provider's location and saw what their UPS looks like and how they are managing their data center," says the USGA's Jessica Carroll. "That made us more comfortable with selecting them as our provider."
As you can see, there are a number of best practices and other steps cloud computing users can take to secure their operations. Security expert Bruce Schneier says, "You have to get smarter about negotiating your contracts for security services. We are going to see a lot more ways to connect untrusted devices to a trusted network," and cloud computing is just one of them.