For a lot of my customers, any discussion of moving to the cloud started with, "Will it be as secure as my servers?"
That is: servers with strong administrative policies, limited role-based access, behind a corporate firewall, on a network that is patrolled by appliances looking for unusual traffic.
The short answer is that it can be. You have to design it that way.
One key concept that gets missed in early stages of cloud migration is that the cloud is, essentially, one giant co-location. It's a shared data center. "How," asks the engineer, "do I know my competitor's cloud isn't on the same network, or server, or even hard drive as my cloud?"
You don't. But that's OK, because they are logically separated. My cloud doesn't see your cloud.
On top of that, I can build a virtual network in the cloud. I can build a firewall in that virtual network. I can attach appliances and servers and services in the virtual, cloud-hosted environment. I can, in short, build everything I have on-premises in the cloud.
"But," says the engineer, "what if someone breaks into the data center and hacks the host machines?"
Well, OK. If they are truly nefarious they can shut down those machines, if they have privs. But they can't get to your data. Even if they somehow manage to copy your hosts outside the data center, or to some other place they can reach, they can't access your data without all the credentials you put in place yourself.
On top of that, your hosts themselves can be encrypted.
"What if they break in and steal the hard drives?"
This is the example Microsoft loves to cite, because they encrypt all their drives. If someone yoinks a drive from their data center, they'll have to decrypt it first, and then get past whatever security was on the contents of that drive.
Monday, September 26, 2016