Home > Uncategorized > Security: In the Cloud, For the Cloud & By the Cloud…

Security: In the Cloud, For the Cloud & By the Cloud…

When my I interact with folks and they bring up the notion of “Cloud Security,” I often find it quite useful to stop and ask them what they mean.  I thought perhaps it might be useful to describe why.

In the same way that I differentiated “Virtualizing Security, Securing Virtualization and Security via Virtualization” in my Four Horsemen presentation, I ask people to consider these three models when discussing security and Cloud:

  1. In the Cloud: Security (products, solutions, technology) instantiated as an operational capability deployed within Cloud Computing environments (up/down the stack.) Think virtualized firewalls, IDP, AV, DLP, DoS/DDoS, IAM, etc.
  2. For the Cloud: Security services that are specifically targeted toward securing OTHER Cloud Computing services, delivered by Cloud Computing providers (see next entry) . Think cloud-based Anti-spam, DDoS, DLP, WAF, etc.
  3. By the Cloud: Security services delivered by Cloud Computing services which are used by providers in option #2 which often rely on those features described in option #1.  Think, well…basically any service these days that brand themselves as Cloud… ;)

At any rate, I combine these with other models and diagrams I’ve constructed to make sense of Cloud deployment and use cases. This seems to make things more clear.  I use it internally at work to help ensure we’re all talking about the same language.

/Hoff

Related articles by Zemanta

Reblog this post [with Zemanta]
  1. theodore
    May 26th, 2010 at 19:55 | #1

    This is kind of off-topic, but it's along the same lines. If you use a load balancer to do ssl termination/offloading for an app, and you then move that app into the clouds, would you still do ssl termination/offloading in the virtual load balancer? Or would you simply add that memory/cores count into the server farm and only use the virtual load balancer to load balance? What would be the difference between the encrypt/decrypt operations done in a virtual load balancer compared to doing the same encrypt/decrypt operations on the virtual host? (this is assuming you don't have a Cavium daughter-board in the host)

  1. May 7th, 2010 at 11:15 | #1
  2. May 14th, 2010 at 10:32 | #2
  3. May 17th, 2010 at 11:21 | #3
  4. May 28th, 2010 at 08:06 | #4
  5. June 12th, 2010 at 12:12 | #5
  6. July 7th, 2010 at 08:47 | #6
  7. July 18th, 2010 at 14:03 | #7