Cloud computing brings unquestionable benefits, but amid all of the congratulatory rhetoric, it is important to understand the dangers so that we can prepare for them. In this series of three blog posts, I’ll explain those dangers, and create a security vision for IT departments to counter them. Finally, I’ll explain how log management must be used to tie broader security management tools into the cloud.
Many companies, especially larger ones, may not be ready to hand their computing infrastructures over entirely to third-party providers as part of the public cloud. Instead, they may choose to take advantage of private cloud technology, which provides a useful alternative.
Private cloud technology gives companies the best of both worlds. They enjoy many of the benefits of cloud computing, including elasticity of storage and computing resources, and reduced capital expenditure on hardware. They get to retain control of the computing infrastructure that they own, which ostensibly reduces the security risks associated with having a company outside their control manage computing resources.
However, the security issues don’t entirely disappear into the cloud. They simply change form.
Private clouds are designed to appear like a black box to the end user. They can be pulled and tweaked to extract the resources that the customer wants, when they want. But the inverse is true for the IT department. It needs to understand the inner workings of its infrastructure so that it can make critical decisions. The end user’s perception of the cloud as a black box doesn’t change that requirement.
IT departments are grappling with the need to keep track of all aspects of their cloud infrastructure, so that they can keep control of their security. The moment that they stop watching their private cloud is the moment when they can no longer be sure of its security. On top of all the other issues associated with private cloud deployments, IT departments are faced with questions such as: "How do we log all of our cloud-based activities for subsequent event analysis?" and "When we turn something off in the virtual environment, how do we maintain that data in a specific manner?"
These questions have particular relevance in areas such as compliance, which will attract the attention of senior business management. IT departments must be ready to answer them. In the next two blog posts, we’ll explain how.
Guy Churchward is President & CEO at LogLogic. He joined the company from NetApp, following senior positions at Sun Microsystems, Santa Cruz Operations, Accenture and Olivetti.