With the mass migration of data and workloads to cloud, IT departments are struggling to give their executive team the guarantee that their company will remain 100 percent secure. Adam Neale, COO of EB2BCOM, assures companies that they can enjoy the financial benefits and efficiency of migrating to cloud services without jeopardising the security of their environment. The cloud can be just as secure as a traditional data centre, if not more so.
EB2BCOM has been speaking to numerous Australian companies about cloud security, and is implementing the game-changing cloud security solution Dome9 SecOps. Having spoken to over a hundred Australian companies in the last few months, the need to secure server instances on Amazon Web Services (AWS) and similar cloud platforms is undeniable. We’ve been blown away by the interest in a solution like Dome9, and a high proportion of companies have expressed their need for and interest in this solution.
Organisations are being pushed by the need to access the financial benefits of cloud services in order to stay competitive. However, some CEOs and Managing Directors are very hesitant to expose their companies to risk, and a string of high-profile security breaches in recent years has proven a key consideration preventing businesses from benefiting from cloud services. For those companies that are migrating, the speed and financial pressure to quickly migrate to cloud has meant that companies often don’t get the chance to make sure that the right security profiles are in place.
Here are EB2BCOM’s tips on what you need to look out for when securing the cloud and how to migrate your workloads safely.
Harden your cloud while maintaining visibility and automation
Cloud platforms employ different security mechanisms and are often difficult to secure with traditional network products. Traditional data centre security leverages host and network based firewalls, whereas cloud platforms provide alternative approaches, such as AWS’s security groups. Products like Dome9 are built specifically for the cloud and leverage AWS’s native security group controls - giving complete visibility and automating the protection of server instances to guarantee security.
In traditional environments, there have always been firewalls, and access to and from the public internet is carefully locked down at specific network gateway points. However, in the cloud, security responsibility is shared between the cloud services provider and the customer. There are new concepts like Virtual Private Clouds (VPCs), which in turn utilise Security Groups and network Access Control Lists (ACLs) to configure whether a given server is accessible to the general internet. This is where the power of the cloud can become dangerous – one careless misconfiguration of a security group policy could potentially expose hundreds of your servers to the world. Using native tools, you may have to wade through long lists of VPC firewall rules, repeating the exercise for each VPC and each region, looking for misconfigurations. This is where a product like Dome9 is essential in giving you a complete view of your environment.
A tremendous benefit of a cloud environment like AWS is that a tool like Dome9 can leverage the native APIs to build a live map of the effective security policies, showing the relationships between instances running within VPCs and regions, and highlighting which servers and applications can be accessed by third parties. Dome9 constantly reviews all the firewall rules, which ports are open on AWS instances, security groups, or IP ranges, and determines what is able to connect to what. If an instance is open to the outside world and accessible to the general internet, then straight away it will be shown as being in what’s called an external-facing zone. You can then click through and see the VPC traffic flow to determine what’s actually running in and out of those instances and lock them down within seconds.
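The kind of rule review described above can be illustrated with a short added example (not Dome9's code and not part of the original article). It takes constructed data shaped like the EC2 DescribeSecurityGroups response, flags ingress rules open to 0.0.0.0/0 or ::/0, and follows group-to-group references to show which groups sit one hop behind an exposed one; the group IDs and helper names are hypothetical.

```python
import ipaddress
from collections import deque

# Constructed sample, shaped like the EC2 DescribeSecurityGroups response.
def rule(proto, lo, hi, cidrs=(), groups=()):
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in cidrs if ":" not in c],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in cidrs if ":" in c],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

SAMPLE = [
    {"GroupId": "sg-web", "IpPermissions": [rule("tcp", 443, 443, ["0.0.0.0/0", "::/0"])]},
    {"GroupId": "sg-app", "IpPermissions": [rule("tcp", 8080, 8080, groups=["sg-web"])]},
    {"GroupId": "sg-db", "IpPermissions": [rule("tcp", 5432, 5432, groups=["sg-app"]),
                                           rule("tcp", 22, 22, ["0.0.0.0/0"])]},  # careless rule
    {"GroupId": "sg-admin", "IpPermissions": [rule("tcp", 22, 22, ["203.0.113.0/24"])]},
]

def ports(perm):
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f'{perm["IpProtocol"]}/{lo}' + ("" if lo == hi else f"-{hi}")

def external_rules(groups):
    """(group, ports) for every ingress rule whose source is the whole internet."""
    found = []
    for g in groups:
        for perm in g["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs):
                found.append((g["GroupId"], ports(perm)))
    return found

def exposure_hops(groups):
    """Hops from the internet to each group, following group-to-group rules."""
    hops = {gid: 0 for gid, _ in external_rules(groups)}
    queue = deque(hops)
    while queue:
        src = queue.popleft()
        for g in groups:
            refs = {p["GroupId"] for perm in g["IpPermissions"]
                    for p in perm.get("UserIdGroupPairs", [])}
            if src in refs and g["GroupId"] not in hops:
                hops[g["GroupId"]] = hops[src] + 1
                queue.append(g["GroupId"])
    return hops
print(external_rules(SAMPLE), exposure_hops(SAMPLE))
```

This covers security group rules only; network ACLs and route tables, which also decide whether traffic arrives, are outside what it checks.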
Which companies need cloud security the most?
Companies that need cloud security most are those that have customer and consumer data. Currently, in Australia, Government regulation focuses on consumer data and privacy, so companies that handle personal data, for example health information or financial information, need to consider that strong legislation exists for the security of this information. A great example is TABCorp, for whom EB2BCOM are implementing Dome9. Being in a highly regulated industry, they need to be able to show external auditors on a regular basis that their environment is locked down and secure. Having visibility of their system and automating controls gives them the assurance that they are compliant and maximises the efficiency of their security as well.
What you should look out for when migrating
For companies looking to migrate to the cloud, or to secure their existing cloud investments, Chief Operating Officer Adam Neale has a few key pieces of advice.
Apart from the proven cost benefits, a cloud environment can be just as secure as traditional data centres, if not more so. Straight away, physical risk is removed as no one can walk into your office and pull out the cables or turn off machines. Furthermore, products like Dome9 can completely lock down your system while still giving you constant visibility of the effects of changes or additions. EB2BCOM has spoken with a number of companies that have their environment secured to the point that everything – including all the provisioning services – is completely automated. Nobody is allowed to log on directly to the Amazon environment and have direct access, meaning no changes can be made without going through authorisation processes that ensure all the checks and balances are in place.
2. Explore the ecosystem of management and provisioning tools
There’s a whole range of products like Dome9 that will allow you to lock down and have full visibility of what’s going on in the cloud environment - you just need to be using them. Whilst the native tools are getting better, it’s safer to use something that calls out proactively when something has been configured incorrectly.
3. Choose the right provider
In terms of what to look for in someone implementing your cloud security, make sure they know the ins and outs of local regulations. Cloud is still an emerging and specialist area, and international vendors of add-on tools don’t necessarily have an appreciation of local environments. In a market where cloud services companies are springing up rapidly, speaking with a company that has experience in corporate security can only help you. Companies with a specialty and a background of corporate security will give you a list of recommended solutions and how to implement and configure them correctly. A company like EB2BCOM can save you from sorting through the abundance of products and recommend the right implementation to suit your needs.