By now, everyone knows that security is the number one concern among enterprises considering moving to the cloud, inhibiting cloud adoption. But lesser known is what to do to mitigate some of the security risks and concerns.
Today there are more than 30 million cloud and virtual private servers in use, and most are vulnerable to attack.
One of the greatest threats to cloud servers is unsecured access. Developers and administrators leave ports such as RDP and SSH open so they can connect to and manage their machines. But this practice leaves these and other service ports open to attack from hackers.
As an example, the recent Morto Worm exploited a significant Windows RDP vulnerability.
Many administrators don’t think about this and other cloud server access issues. In fact, in a recent survey by the Ponemon Institute (News - Alert), more than half of those surveyed said have no knowledge of the risks. Perhaps worse yet, 42 percent said they wouldn’t know if their cloud server was hacked because of an open port.
What’s more, there’s confusion as to who is responsible for securing cloud servers. In this Ponemon study, respondents were split in their opinion about who was responsible – the provider, the consumer, or both.
Finally, traditional, on-premises security fails to cover the cloud – and security provided by cloud service providers is limited, cumbersome to use, and isolated to each provider's cloud.
Security in the cloud needs to be as elastic as the cloud – if it’s not scalable and manageable then it’s not going to be effective. Without efficient and effective management, security controls are often misapplied, leading to high complexity and cost and/or vulnerable infrastructure, or just flatly ignored. And the front-line defense, the cloud server firewall, is neither scalable nor manageable for most cloud users and service providers, leaving their cloud servers vulnerable to attack.
The following recommended steps to securing servers in the cloud will help IT practitioners reduce their overall risk, and improve the security of their organization’s data in the cloud:
1. Close Service Ports by Default
Instead of leaving ports such as RDP, SSH or phpMyAdmin open and vulnerable to attack, close them by default and open them only when, for whom, and as long as is needed. When your service ports are closed, your server is virtually invisible to hackers since the server does not respond to an attacker’s ports scans or exploits.
2. Make Your Security as Elastic as Your Cloud
As you re-architect your infrastructure, take the opportunity to re-architect your security too, keeping in mind that you need to be able to scale security instantaneously (for all those micro-perimeters) as your infrastructure scales, without adding management overhead.
3. Take Ownership of Your Security
The jury’s out as to who’s responsible for cloud security. Take ownership of your security. Thinking your provider will handle it for you is an assumption you don’t want to make. Cloud hosting providers and vendors provide an abundance of controls and tools, but how you secure your servers is up to you.
4. Abstract Security from the Infrastructure
Nowadays you don’t use a single consume computing resource; it’s often dispersed across multiple accounts, regions, and even providers. When you abstract your security from the infrastructure, you can centralize your policy management and controls regardless of where and how the computing is consumed. This gives you the ability to support a wide array of cloud computing environments, streamline management, and all without any additional risk.
5. Raise Awareness and Support Innovation
Your employees and those across the enterprise are going to consume computing resource without your knowledge. If you embrace this they’re more apt to let you know and to listen to your suggestions for how to secure it. As a carry over to the last point, if you embrace a heterogeneous computing infrastructure but abstract security controls, you can maintain a very capable set of controls.
6. Get Help
Look to tools like encryption, malware protection and firewalling to help secure your cloud. As you do, however, be sure they include automation and super simple management so you can scale efficiently.
Making your cloud servers impenetrable is a must-do for every IT administrator working to migrate applications and other critical data to the cloud. As new technologies continue to emerge offering scalable, reliable, elastic and flexible functionality, security for the cloud will happen sooner rather than later. Taking these precautions now will set you on the right path.
Edited by Braden Becker