Security: In the Cloud, For the Cloud & By the Cloud…
When I interact with folks and they bring up the notion of “Cloud Security,” I often find it quite useful to stop and ask them what they mean. I thought it might be useful to describe why.
In the same way that I differentiated “Virtualizing Security, Securing Virtualization and Security via Virtualization” in my Four Horsemen presentation, I ask people to consider these three models when discussing security and Cloud:
- In the Cloud: Security (products, solutions, technology) instantiated as an operational capability deployed within Cloud Computing environments (up/down the stack.) Think virtualized firewalls, IDP, AV, DLP, DoS/DDoS, IAM, etc.
- For the Cloud: Security services that are specifically targeted toward securing OTHER Cloud Computing services, delivered by Cloud Computing providers (see next entry). Think cloud-based Anti-spam, DDoS, DLP, WAF, etc.
- By the Cloud: Security services delivered by Cloud Computing services, which are used by providers in option #2, which often rely on those features described in option #1. Think, well…basically any service these days that brands itself as Cloud… 😉
At any rate, I combine these with other models and diagrams I’ve constructed to make sense of Cloud deployment and use cases. This seems to make things clearer. I use it internally at work to help ensure we’re all speaking the same language.
/Hoff
This is kind of off-topic, but it's along the same lines. If you use a load balancer to do SSL termination/offloading for an app, and you then move that app into the clouds, would you still do SSL termination/offloading in the virtual load balancer? Or would you simply add that memory/cores count into the server farm and only use the virtual load balancer to load balance? What would be the difference between the encrypt/decrypt operations done in a virtual load balancer compared to doing the same encrypt/decrypt operations on the virtual host? (This is assuming you don't have a Cavium daughter-board in the host.)