Cloud Security Part 2: The SECRET Sauce
The key to effective cloud security is like a two-sided coin – one side is security (of course) while the other is management. Most overlook the latter, only to realize how critical management is when it’s too late and they’ve given up on the first, security.
Securing your cloud starts with protection that includes firewall security management as a first line of defense. Other technologies for applications and data services in your cloud follow on, but the first, most important act of vulnerability management is making sure your internal servers stay internal, only your external services are exposed, and your server is less vulnerable to attack. Thus, the firewall and its effective management are the number one priority.
A Great, New Approach to Cloud Security
Cloud server security management that dynamically manages firewalls is quickly growing in popularity among enterprise customers, as well as cloud hosting providers who are offering it as a value-added security service for subscribers. With first-of-its-kind multi-platform cloud server and security management that automates policy management, it enables administrators to:
Keep ALL administrative ports on the server firewall closed without losing access and control
Most administrators forget that a vulnerability or hacker can use and exploit the same means of access to a cloud server that the administrator uses.
Dynamically open any port on demand – anytime, for anyone, and from anywhere
Security needs to be as flexible as the life of the everyday administrator requires. Cloud server administrators and developers often need to access their infrastructure on the road or at home, so it’s critical that the firewall management service be flexible enough to provide the access securely, for anyone, at any time, and from anywhere.
Send time- and location-based secure access invitations to third parties
Cloud server security management solutions should have a secure, yet simple workflow designed to make it easy for your support resources to get access. And that workflow should include automation, such as time-based invitations and location-based access restrictions (i.e., to ensure unauthorized users don’t try to exploit access granted to a third party).
Close ports automatically, so administrators don’t have to manually reconfigure your firewall
One of the greatest supermarket inventions was the automated sliding door. It opens when you’re coming, and it closes when you leave, automatically. Your firewall management service should do the same for your server access, only it must restrict who it provides access to, based on policy, making it both easy and secure.
Enable secure access of cloud servers without fear of getting locked out
The third leg of the cloud security stool, and the reason many administrators do not close their administrative ports, is that they fear being locked out of their cloud servers. A cloud server security management solution can ensure that you’re never locked out, because its API or agent-based approach has a “man on the inside,” providing you with a deep yet secure hook into the server’s firewall to remotely manage your configuration through the management solution.
A key innovation in cloud server security management-as-a-service is the ability to provide secure access leasing – dynamically generated, time-based secure access to cloud servers, which enables customers to close all server administrative ports by default. Ports are opened via policy for any authorized user, but only for the time needed by the user. Once the time is up, the port is automatically closed, securing your machine.
Another critical capability is the ability to segregate administration of machines for both policy management and access. While some IT administrators may need access to a specific set of cloud servers, in many cases they do not need access to others (or should be prevented from having it for security and compliance reasons).
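The access-leasing and segregation behaviour described above, modelled in Python as an added example (not Dome9's code or API): the class names, policy layout, users, servers and addresses are all constructed for illustration. It models the allow/deny decision only and does not touch a real firewall.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy: which user may lease which port on which server.
POLICY = {
    "alice": {"web-01": {22}, "db-01": {22}},
    "vendor": {"web-01": {22}},          # third party: web tier only
}

@dataclass(frozen=True)
class Lease:
    user: str
    server: str
    port: int
    source: object        # ip_network the lease is restricted to
    expires_at: float     # epoch seconds

class LeaseFirewall:
    """Default-deny model: a port is reachable only through a live lease."""

    def __init__(self, policy, max_ttl=3600):
        self.policy, self.max_ttl, self.leases = policy, max_ttl, []

    def grant(self, user, server, port, source_cidr, now, ttl):
        # Segregation: the user must be authorised for this server and port.
        if port not in self.policy.get(user, {}).get(server, set()):
            raise PermissionError(f"{user} may not lease {server}:{port}")
        # Leases are always bounded; no open-ended access.
        if not 0 < ttl <= self.max_ttl:
            raise ValueError("ttl outside allowed range")
        lease = Lease(user, server, port, ip_network(source_cidr), now + ttl)
        self.leases.append(lease)
        return lease

    def is_allowed(self, server, port, source_ip, now):
        # Expiry is checked at decision time, so a late sweep never extends access.
        addr = ip_address(source_ip)
        return any(l.server == server and l.port == port
                   and now < l.expires_at and addr in l.source
                   for l in self.leases)

    def sweep(self, now):
        # Drop expired leases; returns them so closures can be logged.
        expired = [l for l in self.leases if l.expires_at <= now]
        self.leases = [l for l in self.leases if l.expires_at > now]
        return expired
```

Passing `now` explicitly keeps the model deterministic; a real service would take it from a trusted clock on the management side rather than from the requester.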
Your Path to Protection
A cloud server security management service can be leveraged directly by an enterprise or delivered by a service provider. Service providers can bundle such capabilities directly into their offerings, or add them as a value-added security offering. Regardless of the approach, by deploying such a service, organizations can dramatically improve security for their cloud, applications, and data. Alternatively, organizations can procure a cloud security management service directly from the provider. Either approach provides for provisioning across cloud providers, since the solution operates at a higher level in the stack than either cloud infrastructure or the applied security.
Making the cloud secure is top of mind for everyone who uses it. A cloud server security management service is a great way to do so efficiently and effectively.
Visit www.dome9.com to learn more and to follow our blog.