Enterprise cloud security best practices for locking down your cloud
Security can be a bugaboo for companies considering cloud infrastructure deployments, but some businesses use the cloud specifically -- and only -- to administer Security as a Service.
IT pros who use Security as a Service offerings say they can cut down on management time spent on common security tasks and provide a centralized, Web-based means of overseeing their infrastructure's security.
G6 Hospitality LLC, the parent company of Motel 6 and Studio 6 based in Carrollton, Texas, uses Trend Micro for all of its security services, both on-premises and cloud-based. Recently, the company put Trend Micro's Web App Security as a Service into production, and Tom Sipes, managing director of IT security and compliance, said it has made application developers' lives easier.
Web App Security provides security analysis of code for Web applications, meaning developers don't always have to wait on G6's security team to reprioritize its schedule to examine code for them.
Web App Security's browser-based dashboards are also a convenient place to get an overview of the Web application environment for G6.
"I like the fact that if I'm sitting at home and we have to run some analysis, if I want to take a quick look, I don't have to VPN in or anything," Sipes said. "I can drill into any one of the sites we're analyzing and know, right out of the chute, where a problem is."
With Web App Security, Sipes doesn't have to rely on third parties to provide Secure Sockets Layer (SSL) certificates.
"I have the ability to go in and take the inbound certificate request, drop it in, get the approval and return the certificate -- and that round-trip time is five minutes," Sipes said. The front-end security developers then have the ability to go into the Web portal and make the request themselves, as long as one of Sipes' security engineers approves it and validates that the certificate request is correct.
Even companies in regulated industries, such as banks, find that Security as a Service meets their security and compliance standards as long as no corporate or user data leaves their facilities.
Travis Homi, director of IT at Central Bank and Trust in Lander, Wyo., uses GFI Software's GFI Cloud for antivirus and patch management on his network of five branch locations in Wyoming, which hold a total of 90 PCs and 15 servers. GFI Cloud can perform security operations on workstations as well as servers.
"Our comfort level isn't to the point where I would move everything to the cloud, especially sensitive customer data; I really believe that needs to be in-house," Homi said. "The actual data that resides on GFI's servers is our IT infrastructure data. … It's still sensitive information, but it's not customer data."
In fact, GFI was recommended to Homi by one of his company's regulatory compliance auditors.
Among the benefits of Security as a Service, Homi said, convenience is at the top of the list.
"Ease of management and ease of deployment," he said. "You install the GFI cloud agent on each of your systems, and you can add and remove services from the central Web console."
This will also help when the bank adds more services from GFI, like Web protection.
"I've already got the agent installed on my entire network," Homi said. "I can just deploy that from a website. It's really easy; a big time saver as far as deployment goes."
Other Security as a Service product vendors include Cisco Systems Inc., Hewlett-Packard Co., McAfee, Panda Software, Sophos and Symantec Corp.
A few forward-looking shops use Security as a Service to monitor cloud-based infrastructures, too. Find out more in Part 2 of this story.