There’s a lot of talk about cloud computing and cloud security this week as many people are attending VMworld in Las Vegas (follow Trend Micro at VMworld). But not all types of cloud security are best suited for all types of cloud computing.
When people generically refer to “cloud computing” they usually mean the public cloud. But what about private clouds or hybrid clouds? The May 2011 Trend Micro cloud survey results showed that companies are adopting all three models almost equally. Although there are certainly overlaps in security best practices across these models, there are also differences, and your security should be able to address the security risks in your specific cloud deployment.
For this discussion, let’s look at private, hybrid, and public Infrastructure as a Service (IaaS) clouds. Regardless of which cloud model you deploy, you’ll actually want similar protection as you would on a physical machine—firewall, antimalware, intrusion detection and prevention, application control, integrity monitoring, log inspection, encryption, etc. But you’ve turned to cloud computing to reap the benefits of flexibility, cost savings, and more. Your cloud security should work with your cloud model to maximize these benefits. How this is done varies by type of cloud.
Virtual Data Centers and Private Clouds
In both virtual data centers and private clouds you control the hypervisor. In these environments, your cloud security should integrate with the hypervisor APIs to enable agentless security. This approach deploys a dedicated security virtual machine on each physical host and uses a small footprint driver on each guest VM to coordinate and stagger security scans and updates. This approach has numerous benefits, including better performance, higher VM ratios, faster protection with no off-box security communication needed, and less administrative complexity with no agents to deploy, configure, or update. In addition, security such as hypervisor integrity monitoring can help protect these environments.
In a public IaaS environment, businesses don’t get control over the hypervisor because it’s a multi-tenant environment. Without hypervisor control, security needs to be deployed as agent-based protection on the VM-level, creating self-defending VMs that stay secure in the shared infrastructure and that help maintain VM isolation. Although the agents put more of a burden on the host, the economies of scale in a public cloud compensate, and there are additional cost benefits with capex savings and a pay-per-use approach.
With hybrid clouds, you use both a private and public cloud to leverage the different benefits of both. Your cloud security should have flexible deployment options, so you can get better performance in your private cloud with agentless security and can create self-defending VMs in your public cloud deployment. In addition, if you want certain VMs to travel between your private and public clouds, you should be able to use agent-based security that travels with the VMs, but that still coordinates with the dedicated security virtual appliance when in your private cloud to stagger scans and preserve performance. Of course, all of these security deployments should be managed through one console—this should actually cover your physical, virtual, and private, public, and hybrid cloud server security.
Trend Micro just published a new web page on Total Cloud Protection and a white paper, Total Cloud Protection: Security for Your Unique Cloud Infrastructure. The paper discusses different cloud models, security designed for each model, and Trend Micro solutions. Your cloud security should maximize your cloud benefits and help accelerate your cloud ROI. Why settle for anything less?