Justin Foster | Apr 30th, 2013
Over the past weeks we have been reviewing the top 10 tips for securing instances running on Amazon Web Services. We walked through the critical controls as part of the AWS shared security model. As noted in these tips, host-based security capabilities such as intrusion detection and prevention, anti-malware, and integrity monitoring are critical for protecting your applications and data.
While some of these recommended tips involve configuring and tuning AWS itself, some require the use of third-party tools. So when looking for candidates for securing your cloud projects, here are five questions...
Dave Asprey | Apr 4th, 2013
“Software defined” is the latest buzzword in IT and cloud. Some people hate it because marketers are jumping on “software defined” almost as fast as they jumped on the word “cloud” years before they had real cloud products. Cloudwashing was a real phenomenon, and it was easy to say. “Software Defined Washing” just doesn’t roll off the tongue the same way, and it implies IP-enabled virtual laundry.
Here is an explanation of why you should embrace the term (I like it even more than cloud) and a view of what we called it before “software defined” came into vogue.
In vogue it is....
Mark Nunnikhoven | Mar 20th, 2013
So far in this series, Justin and I have provided tips for securing the foundations of your AWS deployment. Taken together, these tips work to reduce the overall attack surface—the area exposed to the outside world—of your application. Now it’s time to add the next layer of controls to your application, starting with a host-based intrusion prevention system, or IPS.
At this point we’ve already disabled unused services on our instances and have blocked any unnecessary inbound ports using our firewalls. This is a fantastic start but it really only reduces the area we present...
Mark Nunnikhoven | Mar 6th, 2013
Last week, Justin covered some of the high level issues around AMI development. This week, we’re going to take a look at how to protect the guest operating system running on your EC2 and VPC instances.
AWS has published quite a few papers around their services. AWS Security Best Practices [PDF] and AWS Risk and Compliance [PDF] stand out as excellent security resources. In the best practices paper, under the section “Secure your Application” (pg. 4), they make a few recommendations which boil down to:
use recommended secure settings for operating...
Christine Drake in Cloud, Deep Security, hybrid-cloud, IaaS, Privacy, Compliance and Identity, private cloud, public cloud, Securing the Cloud | Sep 1st, 2011
By saying that encryption is not enough for cloud security, I don’t mean that you also need other types of protection like server security, identity management, etc. I think most people deploying cloud computing plan to implement more than encryption for security. What I mean is that encryption alone is not enough in an encryption solution when it comes to cloud environments.
Of course, industry-standard encryption is essential, but it’s table stakes. When dealing with the multi-tenant nature of the public cloud, or even the inter-departmental shared resources of a private cloud, how encryption...
Dave Asprey in Cloud, Cloud-based Security, Cyber crime, Deep Security, hybrid-cloud, IaaS, Malware, Privacy, Compliance and Identity, private cloud, public cloud, Secure Data Centers, Securing the Cloud, Security, Smart Protection Network, Threats from the Cloud, Virtualization | Jun 5th, 2011
For the last few months, we’ve been conducting a cloud, virtualization, and VDI security survey of 1200 IT professionals from larger companies in 6 countries around the world. Not only did I get to help shape the questions on the survey, I’ve also been on the team interpreting the results.
We’ve learned more than a few things we actually were not expecting to learn. Here is a collection of the most interesting top findings about the state of cloud and virtualization security. I’ll be blogging about some of them in more detail over the next few weeks, but in the meantime, here is the big...
Dave Asprey in Citrix, Cloud, Cloud-based Security, cloudbursting, Deep Security, hybrid-cloud, IaaS, PaaS, private cloud, public cloud, SaaS, Securing the Cloud, Security, Smart Protection Network, Virtualization, VMware | May 25th, 2011
Today at Synergy, Citrix announced “Project Olympus,” effectively making open source clouds a more viable option for enterprises. In the past, it was cloud providers like Rackspace who tended to focus on open source cloud infrastructure, while enterprises tended to make more conservative choices where support contracts were available.
The new support from Citrix, along with about 60 other supporting commercial hardware and software vendors, should go a long way towards helping enterprises see OpenStack as an enterprise-grade choice of cloud infrastructure. Enterprises can now get a Citrix-certified...
Andy Dancer in Cloud-based Security, Securing the Cloud, Virtualization | Nov 16th, 2009
At Trend Micro we are leading the way in security FROM the cloud with our Smart Protection Network by providing threat correlation in the cloud. That strategy, rubbished by some at the time, has since been proved out by the number of competitors now trying to imitate it and the recent real-world test results from NSS Labs.
We were also lucky enough to acquire Third Brigade, a Canada-based security firm, earlier this year and get our hands on their superb “Deep Security” threat protection for virtual servers. More than just protection ahead of the patching cycle, it offers excellent resource...