Intelligent CIO Europe Issue 08 | Page 105

FINAL WORD
Professor Avishai Wool, CTO and Co-founder at AlgoSec
Extending network security to the cloud
In addition to these security basics, IT teams also need to look at how they should extend network security to the cloud. While some security functionality is built into cloud infrastructures, it is less sophisticated than the security offerings from specialist vendors.
As such, organisations that want to use the cloud to store and process sensitive information are well advised to augment the security functionality offered by AWS with virtualised security solutions, which can be deployed within the AWS environment to bring the level of protection closer to what they are used to within on-premise environments.
will secure the server and this carries over when putting servers in the cloud. So, when utilising the cloud, security teams need to step in and establish a perimeter, define policies, implement controls and put in governance to ensure their data and servers are secured and managed effectively – just as they do with their on-premise network.
Security 101 for cloud data
This means you will still need to apply all the basics of on-premise network security when utilising the public cloud: access controls defined by administration rights or access requirements and governed by passwords; filtering capabilities defined by which IP addresses need connectivity to and from one another.
You still need to consider if you should use data encryption and whether you should segment the AWS environment into multiple virtual private clouds (VPC). Then you will need to define which VPCs can communicate with each other and place VPC gateways accordingly with access controls in the form of security groups to manage and secure connectivity.
You will also need controls over how to connect your AWS and on-premise environments, for example using a VPN. This requires a logging infrastructure to record actions for forensics and audits to get a trail of who did what. None of these techniques are new, but they all have to be applied correctly to the AWS deployment, to ensure it can function as expected.
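As an added example (not part of the original article), the Python sketch below checks security group ingress rules against a declared list of which networks may talk to which, the filtering and VPC segmentation described above. The network names, CIDR ranges, allowed flows and group data are all constructed for illustration; the rule layout follows the shape of EC2 `describe-security-groups` output.

```python
import ipaddress

# Constructed address plan: two VPCs plus the on-premise range reached over the VPN.
NETWORKS = {
    "vpc-web": ipaddress.ip_network("10.10.0.0/16"),
    "vpc-data": ipaddress.ip_network("10.20.0.0/16"),
    "on-prem": ipaddress.ip_network("192.168.0.0/16"),
}

# Intended connectivity (assumed policy): (source network, destination network, TCP port).
ALLOWED_FLOWS = {("vpc-web", "vpc-data", 5432), ("on-prem", "vpc-web", 443)}

# Constructed sample; "VpcId" holds the plan's network name rather than a real VPC id.
SECURITY_GROUPS = [
    {"GroupId": "sg-data", "VpcId": "vpc-data", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.10.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-web", "VpcId": "vpc-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "192.168.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 5100,
         "IpRanges": [{"CidrIp": "10.20.1.0/24"}]}]},
]

def source_network(cidr):
    """Name of the planned network that fully contains cidr, or None."""
    net = ipaddress.ip_network(cidr)
    return next((n for n, known in NETWORKS.items() if net.subnet_of(known)), None)

def audit(groups):
    """Return (group id, source CIDR, port range, reason) for each rule outside policy."""
    findings = []
    for sg in groups:
        for perm in sg["IpPermissions"]:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            for rng in perm.get("IpRanges", []):
                src = source_network(rng["CidrIp"])
                if src is None:
                    reason = "source outside planned networks"
                elif any((src, sg["VpcId"], p) not in ALLOWED_FLOWS for p in range(lo, hi + 1)):
                    reason = "flow not in policy"
                else:
                    continue
                findings.append((sg["GroupId"], rng["CidrIp"], (lo, hi), reason))
    return findings
```

On the constructed data, `audit(SECURITY_GROUPS)` flags the SSH rule open to `0.0.0.0/0` and the port range from the data VPC into the web VPC, while the two flows named in the policy pass.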
Many firewall vendors sell virtualised versions of their products customised for Amazon. While these come at a cost, if you want to be serious about security, you need more than the measures that come as part of the AWS service. Ultimately, you need to deploy additional web application firewalls, network firewalls and implement encryption capabilities to mitigate your risks of being attacked and data being breached.
This has the potential to add overall complexity to the security management. However, using a security policy management solution will greatly simplify this, enabling security teams to have visibility of their entire estate and enforce policies consistently across both AWS and the on-premise data centre while providing a full audit trail of every change.