Considerations for Running Security Software in the Cloud

Published on 23 Dec. 2014 / Last Updated on 23 Dec. 2014

One aspect of the transition to the cloud that is sometimes overlooked is that security software that you may take for granted could behave very differently in a cloud environment. As such, administrators must consider what impact the cloud will have on their security infrastructure.

The way in which your cloud initiatives will impact the organization’s security ultimately depends on the types of security software that you are trying to run and on the type of cloud service that you are using. After all, cloud services offer varying capabilities and restrictions.

Take Software as a Service (SaaS) clouds for example. These types of clouds allow a vendor to provide customers with access to a remotely running application. The problem with SaaS clouds is that SaaS customers have no control over security. This isn’t to say that there is no security. There is. The SaaS provider typically puts a great deal of effort into making sure that the cloud remains secure. However, the provider’s security usually resides on the backend and is transparent to customers.

There are two reasons why this type of security may prove to be problematic for SaaS customers. The first reason is loss of control. SaaS customers cannot use their preferred security software to protect their cloud-based applications. Take Microsoft Office 365 for example. It is common for administrators who operate on-premises Exchange Server deployments to run antivirus and anti-spam software on their Exchange Servers. However, if an organization chooses to move its Exchange Server mailboxes to Microsoft Office 365, it loses the ability to run third-party antivirus and anti-spam software on the mail server. At best the organization might be able to run security software on the client computers, but even that is not always an option.

The other reason why the inability to run third-party security in a SaaS environment may prove to be problematic has to do with manageability. Oftentimes organizations use security software that offers centralized reporting capabilities. Such a feature may give the organization a way to monitor security and health through a single pane of glass. The introduction of SaaS means that there will likely be cloud-based applications that cannot be monitored using the organization’s preferred software.

Although SaaS clouds certainly present security challenges, the opposite can also be true. There are security software vendors who offer cloud-based versions of their wares. Running security software in the cloud was once ill-advised because cloud-based security software simply could not deliver the same level of protection as security software that was installed locally.

Today things have changed. Some cloud-based security products are every bit as good as locally installed security software – maybe better. Cloud-based security software has one very distinct advantage over security software that runs locally – isolation.

When an attacker attempts to compromise a system, one of their first goals is to disable any security or auditing software. If this software is running remotely (in the cloud), then it is out of direct reach of the compromised system, which can make bypassing security a lot tougher.

Of course, not every cloud-based application runs in a SaaS cloud. Infrastructure as a Service (IaaS) clouds, both public and private, are another popular option. IaaS clouds typically act as a platform for hosting virtual machines.

Although IaaS clouds are known for their flexibility, there are still potential issues when it comes to running security software. One such issue is that of compatibility. Some clouds are incapable of running standard Windows applications. The cloud might be Linux based and may require applications to be compiled in a way that allows them to run on the cloud.

Another challenge of IaaS clouds is that of security blind spots. Whether public or private, IaaS clouds are specifically designed to provide tenant isolation. This isolation helps to ensure each tenant’s privacy and it helps to keep one tenant’s workloads from interfering with another’s. The problem with this isolation is that security software can only monitor what it can see. An environment that is specifically designed to obscure specific resources can present a major challenge for security software.

This isolation does not typically pose a huge problem in a public cloud environment because subscribers only need to monitor their own cloud resources – not those resources belonging to other tenants. However, things are different in a private cloud. All of the resources belong to the organization and need to be monitored. The solution to the problem is to use security software that is virtualization aware. For instance, there are security applications that can latch onto the Hyper-V virtual switch as a way of gaining insight into virtual machine networks.

As you can see, security can behave differently in a cloud environment than in a traditional datacenter environment. As such, it is important to take into consideration how the cloud might impact your security initiatives.

The Author — Brien M. Posey

Brien Posey is an MCSE and has won the Microsoft MVP award for the last few years. Brien has written well over 4,000 technical articles and written or contributed material to 27 books.