Security for public and community clouds has greatly improved recently. Major cloud service providers such as Amazon Web Services and Microsoft have made substantial investments in security to help ensure their subscribers’ data is safe and their cloud experience is exceptional. In fact, the security from such cloud service providers is better than in many companies’ own data centers. Some companies now actually view security as one of the primary justifications, in addition to cost savings and agility, for moving their applications to the cloud.
Still, the thought of putting critical data on the cloud accessible by just about anyone is really scary and the perceived added vulnerability is preventing many enterprises from fully leveraging the cloud. They may be using the cloud for non-critical data such as test and development but not for their core business applications that access their most sensitive data.
New micro-segmentation offerings are now available to provide enterprises with added layers of cloud security and instill the confidence they need to put more of their enterprise applications on the cloud. In doing so, large companies have the opportunity to achieve tremendous cost savings, make their products and services more globally accessible and dynamically adjust to business conditions in real time.
There are five security advantages these new micro-segmentation offerings provide to the cloud that haven’t previously been obtainable:
- New micro-segmentation offerings enable companies to use a consistent set of tools for both their local data centers and the cloud. In the past, security administrators and operators have had to use different security tools for their local data centers and each cloud service provider. This meant the security roles and policies within their companies had to be mapped and maintained across multiple data centers (private and public) and different toolsets – a very complex and costly undertaking. Contemporary micro-segmentation tools work within a company’s local data center and across leading cloud service providers’ data centers, greatly simplifying operations and reducing costs.
- New micro-segmentation technologies provide encryption within the cloud from virtual machine to virtual machine. Traditionally, it was believed that data was secure enough once within the security protection provided by the perimeter of the public data center. New micro-segmentation technologies now encrypt data between the virtual computing instances within the cloud for each company and user community. This encrypted added layer of security is a major step forward for protecting the most sensitive data in the cloud.
- New micro-segmentation technologies use concealment as a basis for security strategy. Traditional security offerings have used a fortress strategy in which they build a wall around the data they are trying to protect, but still leave the processing environment visible to cybercriminals. New micro-segmentation offerings conceal the applications and data on the cloud to the point where it doesn’t appear like anything is active. Cybercriminals aren’t seeing information such as active IP addresses, operating system types or other information that would provide insight as to how to attack a company’s data. The cybercriminals are not aware of the applications and data in the cloud, and therefore they are not a target.
- Micro-segmentation prevents lateral movement of security infiltrations to the data center. A key concern of the cloud is that a company’s data may be compromised because “the other guy” on the cloud didn’t take the appropriate precautions. Micro-segmentation protects cloud users from “the other guy.” Each company’s cloud processing environment is isolated and secure. Malware and cybercriminals are bounded by any given segment, and this makes all users of the cloud more secure.
- Micro-segmentation can prevent security breaches in the cloud. A security breach occurs only when a company’s data leaves the cloud, not when the actual security infiltration occurs. New micro-segmentation capabilities contain threat intelligence that recognizes abnormalities and invokes policies to prevent data from leaving the cloud where these inconsistencies occur until the appropriate security analysis can be applied.
The cloud has never been more secure, and micro-segmentation takes cloud security to amazing new levels, so that enterprises can fully realize the benefits of the cloud even for their most critical and sensitive data.
About the Author
Rod Sapp manages the Unisys product portfolios, including Enterprise Servers, storage, security products and cloud products.
Rod and his team are responsible for business planning, server portfolio definition, partner selection & management, and product launch and lifecycle management.
Rod’s organization collaborates extensively with Unisys sales channels and clients as well as Unisys engineering and services organizations to develop market-leading whole product solutions. Rod’s organization works closely with Unisys strategic technology partners including Dell, IBM, EMC, Oracle, VCE, Intel and Microsoft.
Rod’s background includes ten years of sales experience and twenty years of product and portfolio management that has included the Unisys ClearPath mainframe servers and more recently comprises the Unisys X86 business, storage offerings and software products.