In a Forbes CIO Network guest post, Verizon’s Chief Platform Officer David Small listed his “5 Trends to Watch For 2013”. He forecasts that hybrid clouds, and the need to switch workloads between public and private clouds, will require a “bold approach to embracing change and re-engineering networks in support of cloud-based applications.” Small also states that “to keep up with the changing demands of today’s enterprise, the ideal platform needs to be secure yet easy to use and configure.”
We couldn’t agree more. Our own Security and the Cloud 2012 survey highlights that 4 out of 5 respondents state that their companies are using a mix of cloud architectures including public (22%), private (36%), and hybrid (36%) being actively used.
Security needs to be an automated and transparent part of the cloud server and application deployment process. A difficult to install/configure/manage security tool is an easy to remove/ignore/forget security tool. We continue to see more and more CloudPassage customers exclaim how easy they have found Halo to integrate into their server build, and other automation, processes. The same customers also tell us just how quickly their servers and applications can be secured using Halo as opposed to homegrown scripts or traditional security tools not quite built for cloud operation.
Another prognostication by Small is that security will become the new arms race in 2013. “Security will become a mainstream IT must-have,” says Small “and not a ‘specialty’ for the industry.” It used to be that security was the responsibility of the dedicated security resources or, in small or understaffed organizations, a secondary function of systems or network IT staff. In the new cloud world, however, security responsibility stretches across the entire industry encompassing business unit leadership, IT operations, development, and DevOps, in addition to traditional security and compliance teams.
In our 2012 survey, the majority of respondents (25.9%) claimed that central systems administrators, infrastructure or DevOps professionals oversaw cloud security within their organization instead of those in the traditional security leadership (CSO/CISO) role.
As expected, some respondents claimed that an internal security group or a specific security organization within the company was responsible for the cloud security oversight within their respective organizations. Another respondent stated that the network security team was responsible for cloud security – perhaps a dangerous place to have the security of servers and applications reside since typical network security teams focus almost exclusively on network-level attacks and defenses. At least two respondents weren’t sure who was responsible. The most surprising response was that ‘the last guy got fired’ with no indication as to whether the person was replaced or if anyone was in charge of security at the time.
Identity security is also deemed to be a much more prevalent issue in 2013. “Two-factor authentication continues to gain advocates,” says Small “But more is needed to counteract the increasing amount and intensity of criminal activity pursuing both intellectual property and financial gain.”
Again, we couldn’t agree more. Securing access to public and hybrid cloud servers is a major issue holding businesses back from embracing the benefits of cloud computing. Our customers continue to tell us how much Halo GhostPorts helps them control access to their servers and applications without the need for any additional infrastructure. GhostPorts uses dynamic, time-based host firewall rules with two-factor authentication to provide tight access control to network services and reduce the attack surface area of deployed servers.
The Forbes blog post echoes some of the very concerns that our customers continue to bring to us and that our product was designed to address.