According to Cable&Wireless Worldwide business manager Tom Stockwell, the best way to secure an Infrastructure-as-a-Service (IaaS) layer is to ensure that the prime access routes to the cloud computing environment are via the Wide Area Network (WAN), not the Internet.
Stockwell says that this route should help bypass any sense of anxiety for enterprises and large organizations that would prefer for applications in a cloud environment to not directly face the Internet. By placing these services in a secure cloud environment within the WAN and by using the established methods of data separation between different customers in a cloud computing environment, Stockwell suggests that data becomes intrinsically safer.
"Organizations run and operate a variety of applications, each having the potential for a different set of technical, security, availability and performance requirements. As such there will not be an immediate move to, or indeed a 'one-size-fits-all' approach, to cloud computing for the foreseeable future," said Stockwell.
The option then exists for businesses to adopt a hybrid approach, making use of a set of technologies across traditional dedicated infrastructure, dedicated virtual servers and cloud platforms, with applications remaining in the environment that best suits their individual security requirements.
"Cloud environments need to have access points for the end-user of the applications running on the platform, the IT team who has to manage the applications, the service provider themselves and also the IT management team who need to order and change the capacity. With an Internet-based cloud service the majority of those access points are exposed directly to the Internet, with only the service provider management access being 'internal'. By placing cloud computing services within the WAN the Internet exposure is far less, minimizing the risk as the cloud services are essentially moved further into the customer’s environment, giving them more control," added Stockwell.
Cable&Wireless' wider position on these technologies is to state that all cloud computing environments should always be built using industry best practice guidelines that have been developed and proved successful in physical environments, with additional security to protect data in the cloud. These security standards and procedures, such as firewalls, encryption, anti-virus and limiting access rights, have just as much place in a cloud environment as in the physical.
However, the company also points out that a balance must be made between the security policies implemented and maintaining the flexibility cloud computing can provide.
Stockwell concludes that, "A security infrastructure that slows down operations will impede the business objectives that made security a priority to begin with. By offering WAN connectivity for server administration, cloud environments can be rapidly created and tested before access is extended to internal or internet users, allowing for flexibility while still adhering to best practice and client’s own security guidelines."