Tip

Public cloud services security: Terremark and Rackspace

In addition to well-known public cloud service providers like Amazon,

    Requires Free Membership to View

many hosting providers have transformed static co-location infrastructure and standalone data centers into a more elastic infrastructure supporting public cloud offerings. These providers often have a wider range of security services than any “pure cloud” service, making them better choices for security-conscious organizations looking to leverage the public cloud environment.

Terremark cloud security

Miami-based Terremark Worldwide Inc. (which Verizon proposed acquiring in January) offers a range of co-location and cloud-based services, including rapidly provisioned virtual machines for development environments, hybrid clouds that are distributed between customers’ internal cloud and a cloud environment managed by Terremark, and its Enterprise public cloud services.

In its Enterprise cloud services, Terremark provides numerous security capabilities, some of which can be managed by customers alone or co-managed by Terremark data center teams. Firewall capabilities can be managed by Terremark, customers, or co-managed. Both network-based and host-based intrusion detection and prevention capabilities can be implemented within the cloud environment, as well, and Terremark allows alerts to be sent to a variety of security event and information management (SEIM) systems. Additional managed security capabilities, such as network flow data aggregation and analysis (with Arbor Networks) and file integrity monitoring and log management (with Tripwire Inc.), can be implemented within the Terremark cloud.

For most security professionals, these services represent a more well-rounded security architecture than those available at providers such as Amazon, Microsoft and Google, including both preventive and detective measures. Managed incident response services are available, too, which offer customers a means to address one of the cloud’s thorniest issues: how to handle a security breach in an environment you don’t control.

Rackspace cloud security

Another  major hosting provider, Rackspace Inc., offers several public cloud services, such as Cloud Servers (rapidly provisioned Windows or Linux systems), Cloud Sites (cloud-based website hosting) and Cloud Files (a cloud-based data storage and redundancy package). San Antonio, Texas-based Rackspace has numerous packaged security services, including SSL certificates, antivirus, firewall,  IDS and distributed denial-of-service (DDoS) mitigation. However, these services seem to be  available on the managed hosting side more so than the cloud hosting side, although the company’s hybrid hosting offering may offer more flexibility.

Additionally, Rackspace is one of the primary organizations driving the open source OpenStack cloud computing platform, which has garnered positive attention as a way to help build security into the cloud more deeply and at higher layers up the stack. Several of the company’s services are built on OpenStack, so potential customers should take a look at the project and ask questions about security capabilities or shortcomings.

NaviSite and GoGrid

Andover, Mass.-based NaviSite Inc., another provider of both hosted and cloud-based services, offers many of the same security capabilities as Rackspace. However, the company is much more explicit in describing what security options are available, both internally and for customers to manage themselves. For example, intrusion detection and prevention, as well as enterprise firewalls, are enabled and managed by NaviSite. A host-based firewall can be managed by  customers within their cloud instance, and customers can also pay for a dedicated firewall appliance. Antivirus is managed internally for all cloud environments, and file integrity monitoring (with Tripwire) is enabled, much like Terremark. Vulnerability scans and penetration tests are performed on a regular basis, and customers can provision separate penetration tests by coordinating with NaviSite ahead of time.

GoGrid, a cloud services provider that specializes in “hybrid hosting,” with traditional physical hosting services and cloud-based provisioning, offers few details on their security capabilities. One interesting point to note, however, is that dedicated physical firewall appliances from either Fortinet Inc. or Cisco Systems Inc. can be purchased as a separate managed service with a hosted package. In addition, like many  other cloud service providers, security products from companies like Sentrigo Inc., Trend Micro Inc., Sourcefire Inc. (Snort) and Art of Defence GmbH can be integrated into the GoGrid environment.

Currently, there is a definitive gap in security offerings and capabilities between most hosted services and pure public cloud services, even within the same provider’s infrastructure. Since managed services and co-location are more mature in general, hosting providers have had more time to incorporate security capabilities into these services. But for now, most enterprise-class public cloud services have quite a bit of catching up to do, even those offered by traditional hosting firms.

About the author:

Dave Shackleford is a founder and principal consultant with Voodoo Security and also a certified SANS instructor.

This was first published in March 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.