Securing the cloud: Is IDS passe?

334795 pts.
Tags:
Cloud Computing
Cloud Security
Knowledge Point Challenge
It used to be a good design to not only run applications in different tiers, but also physically separate them on different network switches. Network devices have since improved (security wise) and some folks seem to be alright with virtual switches. And then came the cloud infrastructure where security is mostly limited to host based firewalls,  passwords or keypairs. And the super-smart network admins (and the larger organizations selling them the hardware) who have been doing an excellent job to protect your applications from the "bad guys" are not needed anymore :) 
So here are my questions about what is the recommended practice for securing applications in the cloud. 
1) Should we abandon n-tier application model ? 
2) Is it enough to setup host based firewall ? 
3) If answer for 1,2 is yes, does it mean that we could have solved 
this problem without costly/smart network devices even without cloud ? 
4) Why isn't anyone talking about host-based intrusion detection on the cloud yet ? 
5) Or are we confident we don't need IDS anymore ? 
6) Even though the bar has dropped to develop and launch a website, has the bar to develop secure applications increased because of lack of implied security which developers used to have in the old model ? 
7) What security practice do you have for building/hosting your application on the cloud ? (other than blocking unused ports) 
Question originally asked by Royans on Cloud Computing.

Answer Wiki

Thanks. We'll let you know when a new response is added.

1) Should we abandon n-tier application model? 1. No. From a functionality standpoint it is still beneficial to have a tiered system as a way of resolving errors within a program and when trying to establish interoperability with another program. I liken this method to the half-split method of troubleshooting a connection issue. I feel that the n-tier model offers a flexibility which still holds importance that cloud computing does not usurp.

2) Is it enough to setup host based firewall? No. The simple answer is that just because great security was established between internal and external communications does not mean that a problem cannot come from within. This could result from any portable device accessing the network where it has been used outside of the firewall beforehand. An IDS would prove invaluable at this point; not only for saving the network but also for isolating the cause. This also answers #5. IDS is, as far as I know, the best way of managing security within a network. Granted, my knowledge of such things is limited, but I cannot see how providing the most secure practices to a network would hinder an organization.

4) Why isn’t anyone talking about host-based intrusion detection on the cloud yet? If the service is host-based then it cannot be fully guaranteed (not that any service really could anyways). I also think that it is being spoken of just without finite resolve. The first company that finds a truly effective way of providing secure cloud computing at a reasonable price without sacrificing performance will find a good deal of business.

6) Even though the bar has dropped to develop and launch a website, has the bar to develop secure applications increased because of lack of implied security which developers used to have in the old model? Indeed. I think that as people are both trying to protect their own software and the work of those who purchased the software, security within applications has grown in importance. From a proprietary standpoint, a lack of proper security would result in a loss of profit. From a purchaser standpoint, people do not want their work modified or jeopardized because of a manipulated application.

7) What security practice do you have for building/hosting your application on the cloud? (Other than blocking unused ports) I do not have one. I would like to see others’ answers on this question.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Michael Morisy
    Hi Xenophon22, Thanks so much for the answer! Very comprehensive thoughts. I'll try and round up some thoughts on best security practices for cloud deployments. It's a tough problem to tackle.
    8,293 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following