Technical Cloud Security: Dynamic infrastructure hardening
This is the fifth in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will talk about the role of dynamic infrastructure hardening in the cloud. Other videos in the series can be found by searching for the tag cloudsectechvideos.
As we’ve previously discussed on this blog, many of the traditional security controls that we have used in an on-premise data center are still applicable in the cloud; however, the way we use them will change as we adapt to the new highly virtualized and agile environment. Alongside making sure the platform, operating system instances, and applications are all included in a vulnerability management program so that attack surfaces are effectively reduced, one of the big areas for change in a cloud protection strategy is securing network traffic.
The reason for the change is quite simple: whereas in a non-virtualized data center we could use physical devices (firewalls, IPS, IDS, etc.) to keep traffic with different security profiles apart, in a virtualized data center up to 80% of the network traffic may be going east-west, in other words between virtual machines without needing to cross the physical network wire. There are a number of ways to inspect this virtualized traffic in a cloud environment, including VLAN configuration, agent-based protection, virtual security appliances, and micro-segmentation.
Read the entire article, Technical Cloud Security: Dynamic infrastructure hardening, via the fine folks at HP Enterprise.