Welcome!

Cloud Security Authors: Elizabeth White, Ed Featherston, Liz McMillan, Derek Weeks, Pat Romanski

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security

@CloudExpo: Article

Safeguarding Management and Security in the Cloud

An exclusive Q&A with David Meizlik, Vice President of Marketing at Dome9 Security

"One of the greatest challenges to security in the cloud is management," noted David Meizlik, Vice President of Marketing at Dome9 Security, in this exclusive Q&A with Cloud Expo Conference Chair Jeremy Geelan. "With cloud computing," Meizlik explained, "the infrastructure is owned and maintained by a third party, so you can't just walk down the hall to get to your infrastructure."

Cloud Computing Journal: Cloud computing represents the advent of a global computing utility that transcends national boundaries. Is that what makes clouds a challenge from a security point of view?

David Meizlik: Globalization is more a challenge from a governance and compliance perspective. The greatest challenge to security in the cloud is that traditional security models don't apply. Take, for example, the firewall. Firewalls were designed to protect the perimeter. The cloud, however, is outside any perimeter, and thus a traditional enterprise IT approach to firewalling is simply not practical. Fundamentally, as we re-architect our infrastructure we need to re-architect our security. It's an opportunity and not just a challenge.

Cloud Computing Journal: What about other aspects of vulnerability; what are the other unique problems of cloud computing from a security standpoint?

Meizlik: One of the greatest challenges to security in the cloud is management. With cloud computing, the infrastructure is owned and maintained by a third party, so you can't just walk down the hall to get to your infrastructure. What's more, the infrastructure is extremely portable and elastic. This is a terrific challenge because at the end of the day if you can't scale your security to match your infrastructure, you've got gaps in your coverage.

Cloud Computing Journal: Is it really possible to automate firewall management clouds? For private clouds only or public ones as well?

Meizlik: Absolutely, and it's not just possible, it's critical. Cloud infrastructure (private, public, and hybrid) is highly elastic, and thus your security must be too. Now since the cloud doesn't have a perimeter, you have to deploy and manage firewalling at the cloud server. The only way to scale this efficiently, however, is through automation; specifically, time-based controls that, by default, close administrative ports like SSH and RDP and open them on demand, only when, for whom, and as long as is needed. This ensures your servers are always secure, and because your security is server side, your policies are always coupled with your infrastructure, however large and wherever present.

Cloud Computing Journal: How about companies that want to secure both their cloud and their on-premise assets, does a hybrid approach make security more difficult?

Meizlik: A hybrid approach to security is more complicated for two reasons: 1) 99% of traditional security doesn't extend to cover the cloud, and 2) the process for securing the cloud is different from on-premise infrastructure. The first is probably sufficiently evident to anyone that's read beyond page one of most security vendor's product brochures. The second, however, is more abstract, and sometimes difficult to discern. Let me illustrate by example: in the traditional enterprise, many server admin ports (e.g., SSH, RDP, etc.) are left open because the server sits behind a corporate perimeter where there's less risk and more internal controls. When you move that same server to the cloud, outside of the corporate perimeter, most of those internal controls are absent and the risk is much greater. Thus, a practice of leaving admin ports open now presents a great threat. So following the same process for the same server but in a different infrastructure presents a real problem.

Cloud Computing Journal: Is it really true that there are sysadmins in this day and age who, say, leave ports such as SSH, RDP, and MYSQL open so they can connect to and manage their cloud servers? Wouldn't that be sheer madness?

Meizlik: Yes; Admins do it every day for two simple reasons: 1) old habits die hard - they've done it for years inside their corporate network where they had a firewall perimeter and the risk wasn't as great, and 2) manually opening and closing server ports every time you need to work on a server is a real headache and simply not scalable.... Well, not scalable without automated firewall management. ;-)

Cloud Computing Journal: For an organization looking to deploy to the cloud and capture all the benefits the cloud has to offer, do you think there is anything MORE important than getting the security piece right?

Meizlik: No - security is, bar none, the biggest concern of cloud adopters. Getting it right is absolutely critical to successfully leveraging the benefits of cloud computing.

More Stories By Jeremy Geelan

Jeremy Geelan is Chairman & CEO of the 21st Century Internet Group, Inc. and an Executive Academy Member of the International Academy of Digital Arts & Sciences. Formerly he was President & COO at Cloud Expo, Inc. and Conference Chair of the worldwide Cloud Expo series. He appears regularly at conferences and trade shows, speaking to technology audiences across six continents. You can follow him on twitter: @jg21.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lea...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
Just over a week ago I received a long and loud sustained applause for a presentation I delivered at this year’s Cloud Expo in Santa Clara. I was extremely pleased with the turnout and had some very good conversations with many of the attendees. Over the next few days I had many more meaningful conversations and was not only happy with the results but also learned a few new things. Here is everything I learned in those three days distilled into three short points.
“We're a global managed hosting provider. Our core customer set is a U.S.-based customer that is looking to go global,” explained Adam Rogers, Managing Director at ANEXIA, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
What are the new priorities for the connected business? First: businesses need to think differently about the types of connections they will need to make – these span well beyond the traditional app to app into more modern forms of integration including SaaS integrations, mobile integrations, APIs, device integration and Big Data integration. It’s important these are unified together vs. doing them all piecemeal. Second, these types of connections need to be simple to design, adapt and configure...
Adobe is changing the world though digital experiences. Adobe helps customers develop and deliver high-impact experiences that differentiate brands, build loyalty, and drive revenue across every screen, including smartphones, computers, tablets and TVs. Adobe content solutions are used daily by millions of companies worldwide-from publishers and broadcasters, to enterprises, marketing agencies and household-name brands. Building on its established design leadership, Adobe enables customers not o...
SYS-CON Events announced today the Enterprise IoT Bootcamp, being held November 1-2, 2016, in conjunction with 19th Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA. Combined with real-world scenarios and use cases, the Enterprise IoT Bootcamp is not just based on presentations but with hands-on demos and detailed walkthroughs. We will introduce you to a variety of real world use cases prototyped using Arduino, Raspberry Pi, BeagleBone, Spark, and Intel Edison. Y...
Ask someone to architect an Internet of Things (IoT) solution and you are guaranteed to see a reference to the cloud. This would lead you to believe that IoT requires the cloud to exist. However, there are many IoT use cases where the cloud is not feasible or desirable. In his session at @ThingsExpo, Dave McCarthy, Director of Products at Bsquare Corporation, will discuss the strategies that exist to extend intelligence directly to IoT devices and sensors, freeing them from the constraints of ...
SYS-CON Events announced today that Sheng Liang to Keynote at SYS-CON's 19th Cloud Expo, which will take place on November 1-3, 2016 at the Santa Clara Convention Center in Santa Clara, California.
Technology vendors and analysts are eager to paint a rosy picture of how wonderful IoT is and why your deployment will be great with the use of their products and services. While it is easy to showcase successful IoT solutions, identifying IoT systems that missed the mark or failed can often provide more in the way of key lessons learned. In his session at @ThingsExpo, Peter Vanderminden, Principal Industry Analyst for IoT & Digital Supply Chain to Flatiron Strategies, will focus on how IoT de...
Complete Internet of Things (IoT) embedded device security is not just about the device but involves the entire product’s identity, data and control integrity, and services traversing the cloud. A device can no longer be looked at as an island; it is a part of a system. In fact, given the cross-domain interactions enabled by IoT it could be a part of many systems. Also, depending on where the device is deployed, for example, in the office building versus a factory floor or oil field, security ha...
24Notion is full-service global creative digital marketing, technology and lifestyle agency that combines strategic ideas with customized tactical execution. With a broad understand of the art of traditional marketing, new media, communications and social influence, 24Notion uniquely understands how to connect your brand strategy with the right consumer. 24Notion ranked #12 on Corporate Social Responsibility - Book of List.
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Businesses are struggling to manage the information flow and interactions between all of these new devices and things jumping on their network, and the apps and IT systems they control. The data businesses gather is only helpful if they can do something with it. In his session at @ThingsExpo, Chris Witeck, Principal Technology Strategist at Citrix, will discuss how different the impact of IoT will be for large businesses, expanding how IoT will allow large organizations to make their legacy ap...
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
What does it look like when you have access to cloud infrastructure and platform under the same roof? Let’s talk about the different layers of Technology as a Service: who cares, what runs where, and how does it all fit together. In his session at 18th Cloud Expo, Phil Jackson, Lead Technology Evangelist at SoftLayer, an IBM company, spoke about the picture being painted by IBM Cloud and how the tools being crafted can help fill the gaps in your IT infrastructure.
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
In his session at @ThingsExpo, Kausik Sridharabalan, founder and CTO of Pulzze Systems, Inc., will focus on key challenges in building an Internet of Things solution infrastructure. He will shed light on efficient ways of defining interactions within IoT solutions, leading to cost and time reduction. He will also introduce ways to handle data and how one can develop IoT solutions that are lean, flexible and configurable, thus making IoT infrastructure agile and scalable.
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...