Protecting Private Clouds
I've had a bit of a struggle with the definition of a private cloud because vendors, as with just about any other buzzword, often toss the phrase around without knowing or caring about its true meaning.
To me, a private cloud should have all the attributes of the kind of cloud owned by an Amazon or Rackspace. It should be a true utility, meaning that one needn't worry about capacity or backup. It should just work no matter what workloads are thrown at it. That means it is elastic, automatically absorbing spikes in demand.
Private clouds are based on virtual servers that can shift workloads through sophisticated orchestration. Their infrastructure is either a bit overbuilt or can spill over to a service provider in the event that extra processing is needed.
Glad I got all that off my chest!
So how does security fit in? It speaks to the VM part. Because the private cloud is really a set of moving VM parts, your security has to layer intelligently on top. Brian Robertson from Crossbeam Systems lives in this world and has a few words, actually paragraphs, actually pages of advice.
First, just a bit more about the problem. Let's say you move a VM from one server to another. No, let's say you regularly move lots of VMs from server to server. If the security isn't 100 percent in lockstep, these VMs may be vulnerable.
Robertson's main advice is to take a high-level philosophical approach and to "think of security as an extension of the private cloud and to develop a virtualization strategy that enables network security to be as dynamic as the rest of the environment."
Specifically, Robertson advises implementing "intelligent automation that understands the security environment to ensure optimal performance and reliability," consolidating as many of your disparate physical hardware security appliances as possible, and building a security infrastructure that scales as the private cloud grows.
Posted by Doug Barney on 06/12/2012 at 12:47 PM