How do you successfully secure data and infrastructure in the cloud? There’s no short answer to that question: it requires a comprehensive approach coupled with a paradigm shift.
That’s the perspective of Dave Meizlik, Vice President of Marketing at Dome9, a service provider for cloud security.
Dome9 helps organizations secure cloud and hosted servers in environments such as Amazon EC2, Rackspace and GoGrid. This is a whole different world from non-cloud network security.
“Traditional security technology follows a perimeter-based approach,” Meizlik explained during a TMCnet video interview. “In the cloud, beyond the perimeter, you have to think about both access and how you’re managing the security you deliver.”
The main challenge is that cloud infrastructure is very elastic, and associated security must also be very elastic, as well as efficient.
For Dome9, the primary focus is access security.
For example, in an environment like EC2, ports are often left open for administrative access, such as remote desktop or SSH. This means that the only security in place for those open ports is a username and password.
Dome9’s security solutions let customers close all administrative ports by default, opening them only when needed — for specified lengths of time, limited to the specific user’s IP address. After the set time period ends, the port automatically closes.
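The lease behaviour described above can be modelled in a few lines. This is an added example, not Dome9's code: the class and function names, the one-hour ceiling on lease length and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

ADMIN_PORTS = {22, 3389}  # default SSH and remote desktop ports


@dataclass(frozen=True)
class Lease:
    port: int
    source_ip: str      # normalised single host address
    expires_at: float   # seconds on the caller's clock


@dataclass
class LeaseFirewall:
    """Hypothetical default-deny model: an admin port is reachable only via an unexpired lease."""
    max_ttl: int = 3600  # assumed policy ceiling, in seconds
    leases: list = field(default_factory=list)

    def grant(self, port, source_ip, ttl, now):
        if port not in ADMIN_PORTS:
            raise ValueError(f"port {port} is not a managed admin port")
        if not 0 < ttl <= self.max_ttl:
            raise ValueError("ttl must be between 1 second and max_ttl")
        # ip_address() rejects ranges such as 0.0.0.0/0: one lease, one host.
        host = str(ipaddress.ip_address(source_ip))
        lease = Lease(port, host, now + ttl)
        self.leases.append(lease)
        return lease

    def sweep(self, now):
        """Drop expired leases and return them, e.g. for audit logging."""
        expired = [l for l in self.leases if l.expires_at <= now]
        self.leases = [l for l in self.leases if l.expires_at > now]
        return expired

    def allows(self, port, source_ip, now):
        # Expiry is re-checked here, so a late sweep never extends access.
        host = str(ipaddress.ip_address(source_ip))
        return any(l.port == port and l.source_ip == host and l.expires_at > now
                   for l in self.leases)


def demo():
    """Constructed timeline: a 10-minute SSH lease for one documentation-range address."""
    fw = LeaseFirewall()
    before = fw.allows(22, "203.0.113.10", now=0)
    fw.grant(22, "203.0.113.10", ttl=600, now=0)
    return [before,
            fw.allows(22, "203.0.113.10", now=60),    # requester, inside window
            fw.allows(22, "203.0.113.11", now=60),    # different source address
            fw.allows(22, "203.0.113.10", now=900)]   # requester, after expiry
```

Passing `now` explicitly keeps the expiry logic deterministic and testable; a real deployment would translate each lease into a firewall or security-group rule and remove it on sweep.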
The other side of what Dome9 does is cloud infrastructure management. Meizlik explained that in traditional data centers, the number of servers available was fixed, and provisioning more took time. In the cloud, this kind of scaling can be done instantaneously, which necessitates solutions that allow quick and efficient scaling of security.
Dome9 does this mostly through automation of security rules.
For more discussion about cloud security, and what’s next for Dome9, watch the full video interview.