The cloud these days

I'm not sure who is more excited about the cloud these days: hackers or venture capitalists. However certainly both groups smell possibility. An interesting article published by CNET a little during back nicely illustrates the growing interest the former have with cloud computing. Fortify Software sponsored a survey of 100 hackers finally month's Defcon. They discovered that 96% of the respondents think that the cloud creates new opportunities for hacking, and 86% believe that "cloud vendors aren't doing enough to address cyber-security issues."

IaaS clients are faced with a dilemma. Ideally, a fresh however potentially vulnerable OS should first be brought up in a safe and isolated environment. Yet to effectively administer the image and load patch kits, Internet accessibility may be necessary. Too often, the solution is a race against the bad guys to secure the image earlier it can be compromised. To be fair, OS installations but come up in a much more resilient state than in the days of Windows XP prior to SP2. Still, it should surprise few people that exploits have evolved in lock step, and these can find and leverage weaknesses astonishingly fast.

The world is full of ex-system administrators who honestly believed that simply having a patched, up-to-date system was an adequate security model. Hardening servers to be resilient when exposed to the open Internet is a discipline in other words  time-consuming and complex. We create DMZs at our security perimeter precisely so we can concentrate our time and resources on making sure our front-line systems are able to withstand continuous and evolving attacks. Maintaining a low risk profile for these machines demands significant concentrated effort and continual ongoing monitoring.

CloudProtect is a new product from Layer 7 Technologies that helps reconcile the twin conflicts of openness and security in the cloud.  CloudProtect is a secure, cloud-based virtual appliance based on RedHat Enterprise Linux. Clients use this image as a secure baseline to deploy their own applications. CloudProtect features the hardened OS image that Layer 7 uses in its appliances. It boots in a safe and resilient mode from first use. This RHEL distribution includes a fully functioning SecureSpan Gateway - that governs all calls to an application's APIs hosted on the secured OS. CloudProtect offers a secure console for visual policy authoring and management, allowing application developers, security administrators, and operators to completely customize the API security model based to their requirements. For instance, need to add certificate-based authentication to your APIs? Simply drag and drop a single assertion into the policy and you are done. CloudProtect as well offers the rich auditing features of the SecureSpan engine, which can be the input to a billing process or be leveraged in a forensic investigation.