According to 451 Research, 92% of IT executives say security is their #1 concern when it comes to cloud adoption. Take a look at the data, however, and it tells a different story. For the last 2 years Alert Logic has been mining thousands of real world incidents detected across cloud and on-premise deployments to identify the differences in attack vectors and trends. Numerous data points fluctuate with each report we’ve produced, but one aspect has remained consistent – attack frequency and threat diversity is demonstrably lower in cloud environments.
The truth is that the level of security engineered into the fabric of clouds like Google Compute Engine in many ways exceeds what’s practical in traditional enterprise data centers. More important, the degree of isolation, fine-grained control and automation built into Google Compute Engine allows enterprises to tailor security for each application, rather than relying on blanket solutions that cover an entire data centers. This is a profound change – allowing developers to build security controls into their applications naturally reduces the exposed surface available to attackers.
Does this mean that achieving better security and compliance is a simple matter of moving to the cloud? The short answer is, no. Security responsibility spans Google Cloud Platform as a provider, as well as customer deployed cloud instances, networks and applications. Compliance regulations are also clear – providers must carry certifications for their facilities and infrastructure, but certifications are not transferrable and controls must be implemented individually for each protected environment.
Time and time again our conversations with developers show that automation and programmatic control is the biggest reason they are able to embed security directly into their deployments. This is where Alert Logic comes in. For over a decade we’ve provided Security-as-a-Service, with over 80% of our deployments protecting production applications in hosted or cloud environments.
In practice this means that means that developers have access to a stack of security services that aligns with every layer of the cloud stack of Google Compute Engine – networks, cloud instances and applications.
.png)
These services constitute building blocks that allow you to compose the right set of controls, deployed and scaled in lockstep with your application on Google Cloud Platform, relying on the following architecture characteristics:
- Fast bootstrap of new agents and appliances, so provisioning can be automated with common tools such as Chef, Puppet or CFengine using management APIs.
- Role-awareness, so security monitoring of common logical cloud components can be done without having to switch context across hundreds of cloud instances.
- Configurations are pushed down from management APIs and continually updated to handle static and ephemeral networking schemes without manual effort.
- Control and data processing planes are loosely coupled, sharing state only when necessary so every security component can scale-out.
- Intrusion detection based on agent network introspection and non-blocking architecture to provide multi-gigabit scale without impeding traffic flow.
- Auto-scaling abilities for Web Application Firewalls, able to reach 10gbps in throughput in reverse proxy deployments driven by cloud load balancers.
For most of the security controls to be effective they must be combined with continuous monitoring, so for every layer in the stack we provide a set of 24/7 monitoring services with a manned Security Operations Center. For cloud developers this means that they can go from development to testing to production, achieving the right level of security and compliance at launch.
Getting Started with Alert Logic on Compute Engine
Here are the basic steps to deploy the Log Manager service in the Google Compute Engine. Start with your Google Cloud Console:
Then:
Your logs will begin to flow and are ready to be consumed:
As you have seen in this post, Alert Logic’s integration with Google Compute Engine provides full set of security controls for each layer of your cloud deployment and allows you scale security as you grow. Have questions, or thoughts about security and compliance? Leave us a comment below.
-Contributed by Misha Govshteyn, Founder and Chief Strategy Officer, Alert Logic
0 comments:
Post a Comment