DataTap Solutions


Security is the one word that makes people stop and think for a minute about the impact of their actions. The uncertainty the cloud imposes on where resources and data are hosted makes cloud security a hot topic. I really like the cloud security model put together by Mark Nunnikhoven, which describes the shared responsibility of the cloud provider (facilities, physical infrastructure, network infrastructure, virtualization layer) and the hosted entities (the operating system, any applications, data). However, I am not able to come to grips with the concept of ‘The Wall’ and the proposal that individual VMs in the enterprise cloud environment should each carry their own security controls, instead of the environment as a whole. Please read –

The irony of the public cloud is that while compute and storage resources are available in abundance, bandwidth is typically scarce. All of the traditional methods of deploying these controls are bandwidth intensive.


Successful security in the cloud moves these same controls to the virtual machine. We move from single, large security controls that protect the entire data centre to controls deployed directly on the virtual machine and responsible for only that virtual machine. This allows the use of much smaller rule sets since the control now has the context in which it’s running.


Think of it this way: the traditional method is to have the city guard check everyone at the gate. The guard has to know the business of everyone in the city and then validate whether or not the folks at the gate have a valid reason for being there. By moving that check to the door of the business someone is visiting, it makes it a lot easier for the guard at the door to do more in-depth checks. The guard at the door only has to keep track of the one business, not the entire city.

The problem with this approach is that intruders are not watched for until they reach the door of a business (an individual VM). I feel the analogy is somewhat irrelevant here. There are so many security checks common to all the VMs in an enterprise cloud that a centralized security analytics platform is not only helpful but a must-have to find the breach before it finds you.
You can read the complete cloud security model article by Mark here.
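As an added illustration of that point (example code, not from this post or from Mark's article), the Python below compares what a control confined to one VM can decide against what a central analytics stage sees when the same constructed connection records from several VMs are pooled:

```python
# Added example: per-VM controls versus centralized correlation.
# Each VM's control only sees its own connection log, so a slow sweep
# that touches many VMs once each looks benign from every single door.
# A central stage that pools the same records can still flag it.
# All records below are constructed sample data, not real traffic.
from collections import defaultdict

# Constructed per-VM connection records: (timestamp, vm, source_ip, dst_port)
VM_LOGS = {
    "web-01": [("10:00:01", "web-01", "203.0.113.9", 22),
               ("10:00:05", "web-01", "198.51.100.4", 443)],
    "web-02": [("10:00:02", "web-02", "203.0.113.9", 22)],
    "db-01":  [("10:00:03", "db-01",  "203.0.113.9", 22)],
    "app-01": [("10:00:04", "app-01", "203.0.113.9", 22),
               ("10:00:06", "app-01", "198.51.100.4", 8080)],
}


def per_vm_alerts(records, threshold=3):
    """What a control confined to one VM can decide: alert only when one
    source hits this VM more than `threshold` times. Every VM above sees
    each source at most once, so no per-VM control raises anything."""
    hits = defaultdict(int)
    for _, _, src, _ in records:
        hits[src] += 1
    return sorted(src for src, n in hits.items() if n > threshold)


def central_alerts(all_logs, min_vms=3):
    """Pool every VM's records: a source that touches at least `min_vms`
    distinct VMs is a horizontal sweep that no single VM could see."""
    touched = defaultdict(set)
    for records in all_logs.values():
        for _, vm, src, _ in records:
            touched[src].add(vm)
    return sorted(src for src, vms in touched.items() if len(vms) >= min_vms)


if __name__ == "__main__":
    for vm, records in VM_LOGS.items():
        print(f"{vm}: per-VM alerts = {per_vm_alerts(records)}")
    print(f"central analytics alerts = {central_alerts(VM_LOGS)}")
```

The thresholds are assumptions chosen for the sample data; the point is that the central view, not the per-VM view, is the one that can correlate across doors.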
