SlideShare une entreprise Scribd logo

Cloud servers-new-risk-considerations

Accenture
Accenture
1  sur  5
Télécharger pour lire hors ligne
w h i t e pa p e r Cloud Servers: New Risk Considerations Overview.....................................................................................2 Cloud Servers Attract e-Criminals...........................................2 Servers Have More Exposure in the Cloud.............................3 Cloud Elasticity Multiplies Attackable Surface Area..............3 The Boomerang Problem..........................................................4 Managing New Cloud Risks.....................................................4 About CloudPassage................................................................5 Copyright © 2011, CloudPassage Inc. 1
Overview The tremendous scalability, flexibility, and speed of Infrastructure-as-a-Service (IaaS) make it one of the fastest-growing sectors of the cloud computing markets. IaaS providers combine virtualization technologies with massive infrastructure to deliver bandwidth, storage, and CPU power on-demand and with granular control over scale and costs. The potential benefits of hosting applications and workloads on cloud servers are enormous, making cloud servers the de facto norm for a rapidly growing set of use cases. Security and compliance, however, remain major challenges to adoption of public cloud infrastructure services. Usage agreements and documentation squarely make the user of IaaS, not the provider, responsible for protecting servers, applications and data in the cloud – essentially everything from the virtual machine OS upward in the stack.1 It is critical for organizations to understand the issues around securing IaaS environments as they move toward the flexibility, scale, and power of cloud hosting. The first step to understanding the issues is awareness of new exposures, threats, and risks. This white paper from CloudPassage presents specific details on the most pertinent new risks associated with adoption of cloud IaaS. It is based on real world learning, shared by companies we have worked with, to achieve security and compliance in the cloud. Software companies moving to SaaS business models, growing social media startups and long-established industry bellwethers have contributed to this knowledge. Cloud Servers Attract e-Criminals Online fraud has grown into a sophisticated underground economy that requires infrastructure on a massive scale. Phishing, password cracking, and denial of service attacks leverage botnets – illicit networks built from huge numbers of compromised servers and personal computers. Botnets consist of thousands of “zombies” – personal computers infected by malware – which carry out commands on behalf of the botnet operator. These compromised computers can bombard web servers with denial-of-service attacks, fire thousands of password attempts per hour, and participate in dozens of other online cracking activities. Fraudsters and e-criminals use command-and-control software to coordinate zombie attack execution. Command-and-control most frequently operates from compromised servers, without the server owner’s knowledge. Fraudsters demand a constant stream of freshly compromised servers to keep botnets running. An entire underground business known as bot herding2 emerged to capitalize on this illicit need. Bot-herders make their living by building botnets to then sell or rent to other e-criminals. This practice has evolved to the point of Fraud-as-a-Service, the sale of prebuilt botnets ondemand, for a few hundred dollars a month.3 It takes bot herders’ time and resources to seek out and compromise vulner- able servers. Economies of scale and cost-benefit apply to a bot herding business just as any other. 1 For example, Amazon Web Services refers to this as the “shared responsibility model” in the AWS Overview of Security Processes. 2 See http://en.wikipedia.org/wiki/Bot_herder 3 The term “Fraud-as-a-Service” is attributed to RSA, the Security Division of EMC. See “RSA Online Fraud Report” (April 2008) Copyright © 2011, CloudPassage Inc. 2
Compromising an elastic cloud infrastructure environment can return a windfall versus hacking into a traditional hardware server. If a bot-herder is able to place command-and-control software on a VM that later is duplicated through cloning or cloud bursting, the botnet capacity will automatically grow. For stakeholders in cloud hosting environments, the implication is a higher expectation of being targeted for server takeovers, root-kitting and botnet command-and-control insertions. Servers Have More Exposure in the Cloud Servers hosted in public IaaS environments have more exposure to compromise than servers do within the traditional data center, where layers of perimeter controls defend server weaknesses from exploit. Cloud IaaS environments rarely offer the control over network topology required to implement perimeter security strategies. As a result, vulnerabilities on each cloud server are more exposed to compromise than those in a traditional data center. In a typical private data center environment, security chokepoints and/or network demarcation zones (DMZs) exist; firewalls, intrusion detection systems (IDS) and UTM devices easily inspect external traffic from sources such as Internet connectivity. Typically, hardware acceleration within the data center boosts performance and compensate for the processing demands required to inspect and control all network traffic in and out of an organization. Because public IaaS environments rarely offer control over hardware or topology, these control mechanisms are unavailable to enterprises hosting servers there. Traditional perimeter security depends heavily on control over network factors like IP addressing, physical topology and routing. Customers of cloud IaaS do not have this control; the cloud provider usually dictates network addressing and routing. Server IP addresses are unpredictable, creating serious complications in configuring security mechanisms. Public IaaS environments also typically segment network traffic at the VM level, meaning the only traffic a server can see is its own. It is not possible to use network-level IDS, IPS or wire-level UTM mechanisms in this environment. The performance implications of each cloud server performing traffic inspection at the wire level are staggering, especially given the lack of hardware control. Even in a traditional data center with perimeter defenses in place, server-level security such as hardening, secure application configuration, and patch management are important. In the cloud, where front-line defenses are extremely limited, server-level security protection is critical. Cloud servers are largely on their own to protect themselves; strong and highly automated host-based controls are essential. Cloud Elasticity Multiplies Attack Surfaces Elasticity is a key differentiator distinguishing IaaS from other infrastructure hosting models. Servers are no longer boxes mounted to racks bolted to the floor. With virtualization and cloud technologies, servers are now files and metadata that can be instantly copied, migrated, and stored offline for later reactivation – in other words, elastic. This elasticity provides companies with the ability to cloudburst, expanding the number of servers and available compute power within minutes. However, this significantly increases the risk of compromise. The problem is quite simply that as a virtual server duplicates so do its vulnerabilities and exposures. Given the speed with which servers can multiply, this issue increases the attackable surface area of a cloud server farm dramatically within minutes. Inactive machine images or snapshots are virtual machines that are saved for later reactivation or as a Copyright © 2011, CloudPassage Inc. 3
template for new servers. While this capability is clearly useful, offline server images do not get updates regarding newly discovered vulnerability, policy changes, or modification to user accounts and access rights. When a hibernated server is reactivated, there will be access privileges, software vulnerabilities, and outdated configurations that expose it to immediate compromise. When adopting a cloud-hosting model, system administrators and other stakeholders should be aware of and account for these issues. One misconfigured server, either created recently or resurrected from storage, could multiply during cloning and cloud-bursting operations to become the “Typhoid Mary” of the cloud farm. The Boomerang Problem Organizations often turn to cloud hosting for application development Public cloud hosting reduces bar- riers to application development, increasing speed to market for technology-related products. Special infrastructure skills, network configuration and hardware setup time are minimal. This is an attractive proposition, especially for business and technology managers frustrated with the perceived delays and red tape associated with infrastructure setup. Sometimes central information technology organizations sanction cloud-based development efforts; in some instances, individually business units charge ahead independently. At some point, all successful development projects go into production. Sometimes the application continues to run in the public cloud environment. Often the application code comes back in-house with the cloud server in a ready-to-run virtual machine image. If cloud servers used for development are not secured properly, disastrous results often occur. These servers are highly exposed, and often the dynamic nature of application development masks signs of intrusion. Compromise impact could include code theft or insertion of malicious functionality into the new application. Any live data used for development purposes (a disturbingly frequent occurrence) could be at risk and compromised with the server. If rootkits or other malware are dropped onto the cloud server, that malware could come back to the enterprise data center. Managing New Cloud Risks Clearly there is new set of exposures and risks associated with hosting applications, data and workloads in public IaaS environments. Perimeter-oriented methods of protection that have worked for years are highly difficult or completely untenable in these environments. The dynamic nature of public and hybrid cloud server farms further complicates matters. The lack of options to protect servers in high-risk public clouds can be the deal-killer that stops companies from embracing public IaaS and realizing the obvious benefits. There is a need to bridge the gap between traditional perimeter-oriented data center security and security in dynamic cloud environments. Securing the server itself in an automated, portable, and elastic manner represents the most effective approach to practical survivability in public and hybrid clouds. By implementing best practices in a cloud-capable, elastic model, enterprises can create security for cloud-hosted applications and data that meets or exceeds what traditional perimeter-centric models can deliver. n Copyright © 2011, CloudPassage Inc. 4
This paper is the first in a series of white papers from CloudPassage. This series will offer technical and operational security considerations found valuable in developing real-world strategies for securing IaaS hosting environments. In later white papers, CloudPassage will examine models, best practices, and technology alternatives for achieving portable cloud server security. Visit us at www.cloudpassage.com to learn more. About CloudPassage CloudPassage is a security SaaS company offering the industry’s first and only server security and compliance solutions purpose-built for elastic cloud environments. The company addresses the technical challenges of securing highly dynamic cloud hosting environments where consis- tent physical location, network control and perimeter security are not guaranteed. The company’s early product feature set includes high-accuracy server security configuration and vulnerability management and centralized management of host-based firewalls. The innovative capabilities of the Halo platform operate across infrastructure models and seamlessly handle cloud server bursting, cloning, and migration. Headquartered in Menlo Park, California, CloudPassage is backed by a number of well-known venture capital firms and angel investors. Copyright © 2011, CloudPassage Inc. 5

Recommandé

Zimory White Paper: Security in the Cloud pt 2/2
Zimory White Paper: Security in the Cloud pt 2/2Zimory White Paper: Security in the Cloud pt 2/2
Zimory White Paper: Security in the Cloud pt 2/2Zimory
 
Risk Analysis and Mitigation in Virtualized Environments
Risk Analysis and Mitigation in Virtualized EnvironmentsRisk Analysis and Mitigation in Virtualized Environments
Risk Analysis and Mitigation in Virtualized EnvironmentsSiddharth Coontoor
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Virtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationVirtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationSeccuris Inc.
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and servicesJas Preet
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityRashmi Agale
 
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBolt
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBoltDDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBolt
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBoltMazeBolt Technologies
 
HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust
 

Recommandé

Zimory White Paper: Security in the Cloud pt 2/2
Zimory White Paper: Security in the Cloud pt 2/2Zimory White Paper: Security in the Cloud pt 2/2
Zimory White Paper: Security in the Cloud pt 2/2Zimory
 
Risk Analysis and Mitigation in Virtualized Environments
Risk Analysis and Mitigation in Virtualized EnvironmentsRisk Analysis and Mitigation in Virtualized Environments
Risk Analysis and Mitigation in Virtualized EnvironmentsSiddharth Coontoor
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Virtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationVirtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationSeccuris Inc.
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and servicesJas Preet
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityRashmi Agale
 
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBolt
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBoltDDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBolt
DDoS Mitigation Guide |DDoS Protection Cyber Security | MazeBoltMazeBolt Technologies
 
HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust and VMware-Providing a Secure Virtual Infrastructure
HyTrust and VMware-Providing a Secure Virtual Infrastructure HyTrust
 
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSMAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSIJCNCJournal
 
IT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityIT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityBooz Allen Hamilton
 
Ea33762765
Ea33762765Ea33762765
Ea33762765IJERA Editor
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsASBIS SK
 
14 49-1-pb
14 49-1-pb14 49-1-pb
14 49-1-pbEditor IJARCET
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responsesshafzonly
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicrodvmug1
 
PCI DSS & Virtualization
PCI DSS & Virtualization PCI DSS & Virtualization
PCI DSS & VirtualizationTobyRobinson13
 
Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...
Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...
Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...elisasson
 
Threats and risks to cloud computing
Threats and risks to cloud computingThreats and risks to cloud computing
Threats and risks to cloud computingRyo Matsumoto
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik FergusonCloudExpoEurope
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risksRevital Lapidot
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureMaliha Ali
 
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...IRJET Journal
 
Akfiler12 upgrade advisor
Akfiler12 upgrade advisorAkfiler12 upgrade advisor
Akfiler12 upgrade advisorAccenture
 
Big data, big deal ms it168文库
Big data, big deal ms it168文库Big data, big deal ms it168文库
Big data, big deal ms it168文库Accenture
 
Lifting fog-cloud
Lifting fog-cloudLifting fog-cloud
Lifting fog-cloudAccenture
 
Dw bi
Dw biDw bi
Dw biAccenture
 
Dc design
Dc designDc design
Dc designAccenture
 
Acceleration for big data, hadoop and memcached it168文库
Acceleration for big data, hadoop and memcached it168文库Acceleration for big data, hadoop and memcached it168文库
Acceleration for big data, hadoop and memcached it168文库Accenture
 
Shunra app cloud_whitepaper
Shunra app cloud_whitepaperShunra app cloud_whitepaper
Shunra app cloud_whitepaperAccenture
 
Taneja grouptechnologyvalidation scalecomputing
Taneja grouptechnologyvalidation scalecomputingTaneja grouptechnologyvalidation scalecomputing
Taneja grouptechnologyvalidation scalecomputingAccenture
 

Contenu connexe

Tendances

MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSMAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSIJCNCJournal
 
IT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityIT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityBooz Allen Hamilton
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsASBIS SK
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responsesshafzonly
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicrodvmug1
 
PCI DSS & Virtualization
PCI DSS & Virtualization PCI DSS & Virtualization
PCI DSS & VirtualizationTobyRobinson13
 
Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...
Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...
Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...elisasson
 
Threats and risks to cloud computing
Threats and risks to cloud computingThreats and risks to cloud computing
Threats and risks to cloud computingRyo Matsumoto
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureMaliha Ali
 
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...IRJET Journal
 

Tendances (14)

MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKSMAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
MAINTAINING CLOUD PERFORMANCE UNDER DDOS ATTACKS
 
IT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization SecurityIT Security Risk Mitigation Report: Virtualization Security
IT Security Risk Mitigation Report: Virtualization Security
 
Ea33762765
Ea33762765Ea33762765
Ea33762765
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security Solutions
 
14 49-1-pb
14 49-1-pb14 49-1-pb
14 49-1-pb
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responses
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicro
 
PCI DSS & Virtualization
PCI DSS & Virtualization PCI DSS & Virtualization
PCI DSS & Virtualization
 
Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...
Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...
Minicom White Paper Using Ram To Increase Security And Improve Efficiency In ...
 
Threats and risks to cloud computing
Threats and risks to cloud computingThreats and risks to cloud computing
Threats and risks to cloud computing
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
 
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...
 

En vedette

Akfiler12 upgrade advisor
Akfiler12 upgrade advisorAkfiler12 upgrade advisor
Akfiler12 upgrade advisorAccenture
 
Big data, big deal ms it168文库
Big data, big deal ms it168文库Big data, big deal ms it168文库
Big data, big deal ms it168文库Accenture
 
Lifting fog-cloud
Lifting fog-cloudLifting fog-cloud
Lifting fog-cloudAccenture
 
Acceleration for big data, hadoop and memcached it168文库
Acceleration for big data, hadoop and memcached it168文库Acceleration for big data, hadoop and memcached it168文库
Acceleration for big data, hadoop and memcached it168文库Accenture
 
Shunra app cloud_whitepaper
Shunra app cloud_whitepaperShunra app cloud_whitepaper
Shunra app cloud_whitepaperAccenture
 
Taneja grouptechnologyvalidation scalecomputing
Taneja grouptechnologyvalidation scalecomputingTaneja grouptechnologyvalidation scalecomputing
Taneja grouptechnologyvalidation scalecomputingAccenture
 
Cloud adaption
Cloud adaptionCloud adaption
Cloud adaptionAccenture
 
Ak12 upgrade
Ak12 upgradeAk12 upgrade
Ak12 upgradeAccenture
 
Statistically adaptive learning for a general class of..
Statistically adaptive learning for a general class of..Statistically adaptive learning for a general class of..
Statistically adaptive learning for a general class of..Accenture
 
Giga om procloud2013
Giga om procloud2013Giga om procloud2013
Giga om procloud2013Accenture
 
Ast 0060878 wayne-eckerson_research_report_big_data_analytics
Ast 0060878 wayne-eckerson_research_report_big_data_analyticsAst 0060878 wayne-eckerson_research_report_big_data_analytics
Ast 0060878 wayne-eckerson_research_report_big_data_analyticsAccenture
 
Ast 0060878 wayne-eckerson_research_report_big_data_analytics
Ast 0060878 wayne-eckerson_research_report_big_data_analyticsAst 0060878 wayne-eckerson_research_report_big_data_analytics
Ast 0060878 wayne-eckerson_research_report_big_data_analyticsAccenture
 
In god we_trust
In god we_trustIn god we_trust
In god we_trustAccenture
 
493144 infosys slides_v5
493144 infosys slides_v5493144 infosys slides_v5
493144 infosys slides_v5Accenture
 
Outils et ressources numériques en Histoire-Géographie
Outils et ressources numériques en Histoire-GéographieOutils et ressources numériques en Histoire-Géographie
Outils et ressources numériques en Histoire-GéographieChristine FIASSON
 

En vedette (20)

Akfiler12 upgrade advisor
Akfiler12 upgrade advisorAkfiler12 upgrade advisor
Akfiler12 upgrade advisor
 
Big data, big deal ms it168文库
Big data, big deal ms it168文库Big data, big deal ms it168文库
Big data, big deal ms it168文库
 
Lifting fog-cloud
Lifting fog-cloudLifting fog-cloud
Lifting fog-cloud
 
Dw bi
Dw biDw bi
Dw bi
 
Dc design
Dc designDc design
Dc design
 
Acceleration for big data, hadoop and memcached it168文库
Acceleration for big data, hadoop and memcached it168文库Acceleration for big data, hadoop and memcached it168文库
Acceleration for big data, hadoop and memcached it168文库
 
Shunra app cloud_whitepaper
Shunra app cloud_whitepaperShunra app cloud_whitepaper
Shunra app cloud_whitepaper
 
Taneja grouptechnologyvalidation scalecomputing
Taneja grouptechnologyvalidation scalecomputingTaneja grouptechnologyvalidation scalecomputing
Taneja grouptechnologyvalidation scalecomputing
 
Cloud adaption
Cloud adaptionCloud adaption
Cloud adaption
 
Ak12 upgrade
Ak12 upgradeAk12 upgrade
Ak12 upgrade
 
Statistically adaptive learning for a general class of..
Statistically adaptive learning for a general class of..Statistically adaptive learning for a general class of..
Statistically adaptive learning for a general class of..
 
Giga om procloud2013
Giga om procloud2013Giga om procloud2013
Giga om procloud2013
 
Ak12 pam
Ak12 pamAk12 pam
Ak12 pam
 
Ast 0060878 wayne-eckerson_research_report_big_data_analytics
Ast 0060878 wayne-eckerson_research_report_big_data_analyticsAst 0060878 wayne-eckerson_research_report_big_data_analytics
Ast 0060878 wayne-eckerson_research_report_big_data_analytics
 
Ast 0060878 wayne-eckerson_research_report_big_data_analytics
Ast 0060878 wayne-eckerson_research_report_big_data_analyticsAst 0060878 wayne-eckerson_research_report_big_data_analytics
Ast 0060878 wayne-eckerson_research_report_big_data_analytics
 
In god we_trust
In god we_trustIn god we_trust
In god we_trust
 
493144 infosys slides_v5
493144 infosys slides_v5493144 infosys slides_v5
493144 infosys slides_v5
 
Maximiser votre marketing
Maximiser votre marketingMaximiser votre marketing
Maximiser votre marketing
 
Keynotes Le Mobile 2013
Keynotes Le Mobile 2013Keynotes Le Mobile 2013
Keynotes Le Mobile 2013
 
Outils et ressources numériques en Histoire-Géographie
Outils et ressources numériques en Histoire-GéographieOutils et ressources numériques en Histoire-Géographie
Outils et ressources numériques en Histoire-Géographie
 

Similaire à Cloud servers-new-risk-considerations

Protecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest ThreatsProtecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest Threatswhite paper
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataEMC
 
Issues in cloud computing
Issues in cloud computingIssues in cloud computing
Issues in cloud computingronak patel
 
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentSVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentIJTET Journal
 
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud EnvironmentsA Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environmentsmlaij
 
Cyber security providers adopt strategic defences
Cyber security providers adopt strategic defences Cyber security providers adopt strategic defences
Cyber security providers adopt strategic defences Markit
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platformsPrabhat gangwar
 
Introduction to Cloud computing
Introduction to Cloud computingIntroduction to Cloud computing
Introduction to Cloud computingKumayl Rajani
 
Getting the most out of your cloud deployment
Getting the most out of your cloud deploymentGetting the most out of your cloud deployment
Getting the most out of your cloud deploymentJose Lopez
 
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...webhostingguy
 
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdfWhitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdfFINAP Worldwide
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingIRJET Journal
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platformspurplesea
 
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in CloudIRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in CloudIRJET Journal
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloudkairostech
 
IBM Point of view -- Security and Cloud Computing (Tivoli)
IBM Point of view -- Security and Cloud Computing (Tivoli)IBM Point of view -- Security and Cloud Computing (Tivoli)
IBM Point of view -- Security and Cloud Computing (Tivoli)IBM India Smarter Computing
 

Similaire à Cloud servers-new-risk-considerations (20)

Protecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest ThreatsProtecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest Threats
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
 
Issues in cloud computing
Issues in cloud computingIssues in cloud computing
Issues in cloud computing
 
Managing The Virtualized Enterprise New Technology, New Challenges
Managing The Virtualized Enterprise New Technology, New ChallengesManaging The Virtualized Enterprise New Technology, New Challenges
Managing The Virtualized Enterprise New Technology, New Challenges
 
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentSVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
 
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud EnvironmentsA Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
A Multi-Level Security for Preventing DDOS Attacks in Cloud Environments
 
Cyber security providers adopt strategic defences
Cyber security providers adopt strategic defences Cyber security providers adopt strategic defences
Cyber security providers adopt strategic defences
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platforms
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Introduction to Cloud computing
Introduction to Cloud computingIntroduction to Cloud computing
Introduction to Cloud computing
 
Getting the most out of your cloud deployment
Getting the most out of your cloud deploymentGetting the most out of your cloud deployment
Getting the most out of your cloud deployment
 
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
Server Virtualization and Cloud Computing: Four Hidden Impacts on ...
 
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdfWhitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
Whitepaper - Analyzing the Adoption of Cloud Computing For Banking & Finance.pdf
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platforms
 
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in CloudIRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in Cloud
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud
 
IBM Point of view -- Security and Cloud Computing (Tivoli)
IBM Point of view -- Security and Cloud Computing (Tivoli)IBM Point of view -- Security and Cloud Computing (Tivoli)
IBM Point of view -- Security and Cloud Computing (Tivoli)
 
IBM Point of View: Security and Cloud Computing
IBM Point of View: Security and Cloud ComputingIBM Point of View: Security and Cloud Computing
IBM Point of View: Security and Cloud Computing
 

Plus de Accenture

Certify 2014trends-report
Certify 2014trends-reportCertify 2014trends-report
Certify 2014trends-reportAccenture
 
Calabrio analyze
Calabrio analyzeCalabrio analyze
Calabrio analyzeAccenture
 
Tier 2 net app baseline design standard revised nov 2011
Tier 2 net app baseline design standard revised nov 2011Tier 2 net app baseline design standard revised nov 2011
Tier 2 net app baseline design standard revised nov 2011Accenture
 
Perf stat windows
Perf stat windowsPerf stat windows
Perf stat windowsAccenture
 
Performance problems on ethernet networks when the e0m management interface i...
Performance problems on ethernet networks when the e0m management interface i...Performance problems on ethernet networks when the e0m management interface i...
Performance problems on ethernet networks when the e0m management interface i...Accenture
 
NetApp system installation workbook Spokane
NetApp system installation workbook SpokaneNetApp system installation workbook Spokane
NetApp system installation workbook SpokaneAccenture
 
Migrate volume in akfiler7
Migrate volume in akfiler7Migrate volume in akfiler7
Migrate volume in akfiler7Accenture
 
Migrate vol in akfiler7
Migrate vol in akfiler7Migrate vol in akfiler7
Migrate vol in akfiler7Accenture
 
Data storage requirements AK
Data storage requirements AKData storage requirements AK
Data storage requirements AKAccenture
 
C mode class
C mode classC mode class
C mode classAccenture
 
Akfiler upgrades providence july 2012
Akfiler upgrades providence july 2012Akfiler upgrades providence july 2012
Akfiler upgrades providence july 2012Accenture
 
Reporting demo
Reporting demoReporting demo
Reporting demoAccenture
 
Net app virtualization preso
Net app virtualization presoNet app virtualization preso
Net app virtualization presoAccenture
 
Providence net app upgrade plan PPMC
Providence net app upgrade plan PPMCProvidence net app upgrade plan PPMC
Providence net app upgrade plan PPMCAccenture
 
WSC Net App storage for windows challenges and solutions
WSC Net App storage for windows challenges and solutionsWSC Net App storage for windows challenges and solutions
WSC Net App storage for windows challenges and solutionsAccenture
 
50,000-seat_VMware_view_deployment
50,000-seat_VMware_view_deployment50,000-seat_VMware_view_deployment
50,000-seat_VMware_view_deploymentAccenture
 
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...Accenture
 
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11Accenture
 
Snap mirror source to tape to destination scenario
Snap mirror source to tape to destination scenarioSnap mirror source to tape to destination scenario
Snap mirror source to tape to destination scenarioAccenture
 

Plus de Accenture (20)

Certify 2014trends-report
Certify 2014trends-reportCertify 2014trends-report
Certify 2014trends-report
 
Calabrio analyze
Calabrio analyzeCalabrio analyze
Calabrio analyze
 
Tier 2 net app baseline design standard revised nov 2011
Tier 2 net app baseline design standard revised nov 2011Tier 2 net app baseline design standard revised nov 2011
Tier 2 net app baseline design standard revised nov 2011
 
Perf stat windows
Perf stat windowsPerf stat windows
Perf stat windows
 
Performance problems on ethernet networks when the e0m management interface i...
Performance problems on ethernet networks when the e0m management interface i...Performance problems on ethernet networks when the e0m management interface i...
Performance problems on ethernet networks when the e0m management interface i...
 
NetApp system installation workbook Spokane
NetApp system installation workbook SpokaneNetApp system installation workbook Spokane
NetApp system installation workbook Spokane
 
Migrate volume in akfiler7
Migrate volume in akfiler7Migrate volume in akfiler7
Migrate volume in akfiler7
 
Migrate vol in akfiler7
Migrate vol in akfiler7Migrate vol in akfiler7
Migrate vol in akfiler7
 
Data storage requirements AK
Data storage requirements AKData storage requirements AK
Data storage requirements AK
 
C mode class
C mode classC mode class
C mode class
 
Akfiler upgrades providence july 2012
Akfiler upgrades providence july 2012Akfiler upgrades providence july 2012
Akfiler upgrades providence july 2012
 
NA notes
NA notesNA notes
NA notes
 
Reporting demo
Reporting demoReporting demo
Reporting demo
 
Net app virtualization preso
Net app virtualization presoNet app virtualization preso
Net app virtualization preso
 
Providence net app upgrade plan PPMC
Providence net app upgrade plan PPMCProvidence net app upgrade plan PPMC
Providence net app upgrade plan PPMC
 
WSC Net App storage for windows challenges and solutions
WSC Net App storage for windows challenges and solutionsWSC Net App storage for windows challenges and solutions
WSC Net App storage for windows challenges and solutions
 
50,000-seat_VMware_view_deployment
50,000-seat_VMware_view_deployment50,000-seat_VMware_view_deployment
50,000-seat_VMware_view_deployment
 
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...
Tr 3998 -deployment_guide_for_hosted_shared_desktops_and_on-demand_applicatio...
 
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11
Tr 3749 -net_app_storage_best_practices_for_v_mware_vsphere,_dec_11
 
Snap mirror source to tape to destination scenario
Snap mirror source to tape to destination scenarioSnap mirror source to tape to destination scenario
Snap mirror source to tape to destination scenario
 

Cloud servers-new-risk-considerations

  • 1. w h i t e pa p e r Cloud Servers: New Risk Considerations Overview.....................................................................................2 Cloud Servers Attract e-Criminals...........................................2 Servers Have More Exposure in the Cloud.............................3 Cloud Elasticity Multiplies Attackable Surface Area..............3 The Boomerang Problem..........................................................4 Managing New Cloud Risks.....................................................4 About CloudPassage................................................................5 Copyright © 2011, CloudPassage Inc. 1
  • 2. Overview The tremendous scalability, flexibility, and speed of Infrastructure-as-a-Service (IaaS) make it one of the fastest-growing sectors of the cloud computing markets. IaaS providers combine virtualization technologies with massive infrastructure to deliver bandwidth, storage, and CPU power on-demand and with granular control over scale and costs. The potential benefits of hosting applications and workloads on cloud servers are enormous, making cloud servers the de facto norm for a rapidly growing set of use cases. Security and compliance, however, remain major challenges to adoption of public cloud infrastructure services. Usage agreements and documentation squarely make the user of IaaS, not the provider, responsible for protecting servers, applications and data in the cloud – essentially everything from the virtual machine OS upward in the stack.1 It is critical for organizations to understand the issues around securing IaaS environments as they move toward the flexibility, scale, and power of cloud hosting. The first step to understanding the issues is awareness of new exposures, threats, and risks. This white paper from CloudPassage presents specific details on the most pertinent new risks associated with adoption of cloud IaaS. It is based on real world learning, shared by companies we have worked with, to achieve security and compliance in the cloud. Software companies moving to SaaS business models, growing social media startups and long-established industry bellwethers have contributed to this knowledge. Cloud Servers Attract e-Criminals Online fraud has grown into a sophisticated underground economy that requires infrastructure on a massive scale. Phishing, password cracking, and denial of service attacks leverage botnets – illicit networks built from huge numbers of compromised servers and personal computers. Botnets consist of thousands of “zombies” – personal computers infected by malware – which carry out commands on behalf of the botnet operator. These compromised computers can bombard web servers with denial-of-service attacks, fire thousands of password attempts per hour, and participate in dozens of other online cracking activities. Fraudsters and e-criminals use command-and-control software to coordinate zombie attack execution. Command-and-control most frequently operates from compromised servers, without the server owner’s knowledge. Fraudsters demand a constant stream of freshly compromised servers to keep botnets running. An entire underground business known as bot herding2 emerged to capitalize on this illicit need. Bot-herders make their living by building botnets to then sell or rent to other e-criminals. This practice has evolved to the point of Fraud-as-a-Service, the sale of prebuilt botnets ondemand, for a few hundred dollars a month.3 It takes bot herders’ time and resources to seek out and compromise vulner- able servers. Economies of scale and cost-benefit apply to a bot herding business just as any other. 1 For example, Amazon Web Services refers to this as the “shared responsibility model” in the AWS Overview of Security Processes. 2 See http://en.wikipedia.org/wiki/Bot_herder 3 The term “Fraud-as-a-Service” is attributed to RSA, the Security Division of EMC. See “RSA Online Fraud Report” (April 2008) Copyright © 2011, CloudPassage Inc. 2
  • 3. Compromising an elastic cloud infrastructure environment can return a windfall versus hacking into a traditional hardware server. If a bot-herder is able to place command-and-control software on a VM that later is duplicated through cloning or cloud bursting, the botnet capacity will automatically grow. For stakeholders in cloud hosting environments, the implication is a higher expectation of being targeted for server takeovers, root-kitting and botnet command-and-control insertions. Servers Have More Exposure in the Cloud Servers hosted in public IaaS environments have more exposure to compromise than servers do within the traditional data center, where layers of perimeter controls defend server weaknesses from exploit. Cloud IaaS environments rarely offer the control over network topology required to implement perimeter security strategies. As a result, vulnerabilities on each cloud server are more exposed to compromise than those in a traditional data center. In a typical private data center environment, security chokepoints and/or network demarcation zones (DMZs) exist; firewalls, intrusion detection systems (IDS) and UTM devices easily inspect external traffic from sources such as Internet connectivity. Typically, hardware acceleration within the data center boosts performance and compensate for the processing demands required to inspect and control all network traffic in and out of an organization. Because public IaaS environments rarely offer control over hardware or topology, these control mechanisms are unavailable to enterprises hosting servers there. Traditional perimeter security depends heavily on control over network factors like IP addressing, physical topology and routing. Customers of cloud IaaS do not have this control; the cloud provider usually dictates network addressing and routing. Server IP addresses are unpredictable, creating serious complications in configuring security mechanisms. Public IaaS environments also typically segment network traffic at the VM level, meaning the only traffic a server can see is its own. It is not possible to use network-level IDS, IPS or wire-level UTM mechanisms in this environment. The performance implications of each cloud server performing traffic inspection at the wire level are staggering, especially given the lack of hardware control. Even in a traditional data center with perimeter defenses in place, server-level security such as hardening, secure application configuration, and patch management are important. In the cloud, where front-line defenses are extremely limited, server-level security protection is critical. Cloud servers are largely on their own to protect themselves; strong and highly automated host-based controls are essential. Cloud Elasticity Multiplies Attack Surfaces Elasticity is a key differentiator distinguishing IaaS from other infrastructure hosting models. Servers are no longer boxes mounted to racks bolted to the floor. With virtualization and cloud technologies, servers are now files and metadata that can be instantly copied, migrated, and stored offline for later reactivation – in other words, elastic. This elasticity provides companies with the ability to cloudburst, expanding the number of servers and available compute power within minutes. However, this significantly increases the risk of compromise. The problem is quite simply that as a virtual server duplicates so do its vulnerabilities and exposures. Given the speed with which servers can multiply, this issue increases the attackable surface area of a cloud server farm dramatically within minutes. Inactive machine images or snapshots are virtual machines that are saved for later reactivation or as a Copyright © 2011, CloudPassage Inc. 3
  • 4. template for new servers. While this capability is clearly useful, offline server images do not get updates regarding newly discovered vulnerability, policy changes, or modification to user accounts and access rights. When a hibernated server is reactivated, there will be access privileges, software vulnerabilities, and outdated configurations that expose it to immediate compromise. When adopting a cloud-hosting model, system administrators and other stakeholders should be aware of and account for these issues. One misconfigured server, either created recently or resurrected from storage, could multiply during cloning and cloud-bursting operations to become the “Typhoid Mary” of the cloud farm. The Boomerang Problem Organizations often turn to cloud hosting for application development Public cloud hosting reduces bar- riers to application development, increasing speed to market for technology-related products. Special infrastructure skills, network configuration and hardware setup time are minimal. This is an attractive proposition, especially for business and technology managers frustrated with the perceived delays and red tape associated with infrastructure setup. Sometimes central information technology organizations sanction cloud-based development efforts; in some instances, individually business units charge ahead independently. At some point, all successful development projects go into production. Sometimes the application continues to run in the public cloud environment. Often the application code comes back in-house with the cloud server in a ready-to-run virtual machine image. If cloud servers used for development are not secured properly, disastrous results often occur. These servers are highly exposed, and often the dynamic nature of application development masks signs of intrusion. Compromise impact could include code theft or insertion of malicious functionality into the new application. Any live data used for development purposes (a disturbingly frequent occurrence) could be at risk and compromised with the server. If rootkits or other malware are dropped onto the cloud server, that malware could come back to the enterprise data center. Managing New Cloud Risks Clearly there is new set of exposures and risks associated with hosting applications, data and workloads in public IaaS environments. Perimeter-oriented methods of protection that have worked for years are highly difficult or completely untenable in these environments. The dynamic nature of public and hybrid cloud server farms further complicates matters. The lack of options to protect servers in high-risk public clouds can be the deal-killer that stops companies from embracing public IaaS and realizing the obvious benefits. There is a need to bridge the gap between traditional perimeter-oriented data center security and security in dynamic cloud environments. Securing the server itself in an automated, portable, and elastic manner represents the most effective approach to practical survivability in public and hybrid clouds. By implementing best practices in a cloud-capable, elastic model, enterprises can create security for cloud-hosted applications and data that meets or exceeds what traditional perimeter-centric models can deliver. n Copyright © 2011, CloudPassage Inc. 4
  • 5. This paper is the first in a series of white papers from CloudPassage. This series will offer technical and operational security considerations found valuable in developing real-world strategies for securing IaaS hosting environments. In later white papers, CloudPassage will examine models, best practices, and technology alternatives for achieving portable cloud server security. Visit us at www.cloudpassage.com to learn more. About CloudPassage CloudPassage is a security SaaS company offering the industry’s first and only server security and compliance solutions purpose-built for elastic cloud environments. The company addresses the technical challenges of securing highly dynamic cloud hosting environments where consis- tent physical location, network control and perimeter security are not guaranteed. The company’s early product feature set includes high-accuracy server security configuration and vulnerability management and centralized management of host-based firewalls. The innovative capabilities of the Halo platform operate across infrastructure models and seamlessly handle cloud server bursting, cloning, and migration. Headquartered in Menlo Park, California, CloudPassage is backed by a number of well-known venture capital firms and angel investors. Copyright © 2011, CloudPassage Inc. 5