TMC's Advisor

The Advisor is published by TMC

Securing the Cloud

There are a number of reasons why traditional security approaches are futile when applied to cloud security. The main one is that they are designed for isolated, unchanging systems, with a set of rules that the security systems can follow. The cloud, however, is not unchanging, and it frequently does not adhere to the rules we might expect.

By Elleni Koskinen

Elleni Koskinen is the editor of the Advisor, a researcher, and oversees TMC benchmarking studies.

Traditional Security

Traditional datacenter defenses are designed to protect a defined perimeter by monitoring and controlling data that moves in and out of the network environment. Defending the perimeter requires a layered defense strategy that typically includes five components. Let’s explore what they are, and why they aren’t effective in the cloud.

Routers

Routers provide a connection point between the datacenter and the outside world. However, with a cloud-based system, there is no “outside,” as anyone with an internet connection is able to connect to cloud-based services.

Firewalls

Firewalls monitor activity in and out of the network, and filter traffic based on predetermined rules. However, in the cloud, there is no datacenter that acts as the central hub, so there is nothing for a firewall to surround and protect.

Antivirus/Malware Protection

Antivirus and malware software scans for malicious code by comparing it to known signatures. However, with almost unlimited users that can access the cloud (and each from multiple devices), it would be impossible for the protection software to distinguish “safe” from “unsafe” in this way.

Intrusion Detection and Prevention

Intrusion detection and prevention monitors activity within the network to identify activity that violates specified policies. However, in the cloud, policies may not be explicitly outlined, or they may rapidly change as the cloud reconfigures itself to adapt to current requirements. As a result, the ongoing monitoring capability is seriously limited.

Access and Identity Management

Access and identity management focuses on setting policies to manage access to applications and data. This is usually accomplished through identity authentication. However, as previously mentioned, there is an unlimited number of potential users of cloud-based services, and authenticating every one is not only impractical, but is next to impossible.

Next Steps

Clearly, a security concern common to all five of the components just listed is that the cloud is constantly changing (in fact, that’s one of its most attractive features). This means that any security system which relies on strict rules is not well suited to the fast-paced and constantly reconfiguring environment of the cloud. Any system that hopes to meet the security needs of the cloud will itself need to be fast-paced and adaptable to a variety of conditions. This can only be accomplished through continuous, real-time monitoring of activity. The analysis of this activity can then help the system determine a baseline for normal functioning and identify unusual behavior through deviations from that baseline. Reconfiguration of the security system should also be done on a continuous basis, in order to keep pace with the changes that the cloud itself is undergoing. Obviously, the prospect of securing such a vast amalgamation of data is complicated, but luckily, by employing new techniques, it is not impossible.
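As an illustration of the baseline approach described above, here is an added example (not part of the original article) that learns a rolling baseline per identity, reports deviations from it, and rebuilds the baseline when a change persists. The metric (API calls per minute), the account name `svc-backup`, the class and function names, and all thresholds are assumptions chosen for the sketch.

```python
import math
from collections import defaultdict

class ActivityBaseline:
    """Rolling per-identity baseline of an activity metric (constructed example)."""

    def __init__(self, alpha=0.2, threshold=3.0, warmup=5, rebaseline_after=3):
        self.alpha = alpha                        # weight given to the newest observation
        self.threshold = threshold                # deviation (in std units) counted as unusual
        self.warmup = warmup                      # observations needed before judging
        self.rebaseline_after = rebaseline_after  # consecutive anomalies treated as a real change
        self.state = defaultdict(lambda: {"n": 0, "mean": 0.0, "var": 0.0, "streak": 0})

    def observe(self, identity, value):
        s = self.state[identity]
        if s["n"] < self.warmup:
            self._update(s, value)
            return "learning"
        std = max(math.sqrt(s["var"]), 1.0)  # floor: a flat baseline must not flag tiny changes
        if abs(value - s["mean"]) / std > self.threshold:
            s["streak"] += 1
            if s["streak"] >= self.rebaseline_after:
                # Sustained change: reconfigure the baseline around the new level.
                s.update(n=1, mean=float(value), var=0.0, streak=0)
                return "rebaselined"
            return "anomaly"                 # one-off spike: report it, keep it out of the baseline
        s["streak"] = 0
        self._update(s, value)
        return "normal"

    def _update(self, s, value):
        # Exponentially weighted mean and variance, so old behavior fades out over time.
        if s["n"] == 0:
            s["mean"] = float(value)
        else:
            diff = value - s["mean"]
            incr = self.alpha * diff
            s["mean"] += incr
            s["var"] = (1 - self.alpha) * (s["var"] + diff * incr)
        s["n"] += 1

# Constructed sample: API calls per minute for a hypothetical service account.
SAMPLE = [20, 22, 19, 21, 20, 22, 21, 180, 22, 20, 60, 62, 61, 59, 60]

def classify(sample, identity="svc-backup"):
    detector = ActivityBaseline()
    return [detector.observe(identity, v) for v in sample]

if __name__ == "__main__":
    for value, status in zip(SAMPLE, classify(SAMPLE)):
        print(f"{value:4d}  {status}")
```

In practice a "rebaselined" result is worth routing to a reviewer as well, since a baseline that adapts automatically will also learn sustained unwanted activity as normal.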

If you’d like to comment on this article or explore these ideas further, contact me at .

This article was published in the April 2022 edition of The TMC Advisor - ISSN 2369-663X Volume:9 Issue:1

©2022 TMC Consulting