
Photo by Alexandre Dulaunoy, CC
Cloud computing is one of the most fascinating technologies currently in use. At 1cloud, we constantly monitor new products and trends in this area. Most recently, we published material on changes in IT infrastructure, and today we would like to look at security trends.
According to Amit Pandey, CEO of Avi Networks, a cloud of cyberattacks will soon overwhelm the clouds:
“The International Working Group on Cloud Resiliency Issues constantly monitors downtime and assesses security risks,” says Pandey. “So far, there have been no serious threats or problems with the availability of services. However, as more and more businesses start outsourcing their infrastructures, the number of DDoS and other cyber attacks will increase.”
However, this does not stop people. A growing number of attackers in a rapidly developing field is a natural process. The RightScale project regularly surveys the cloud market. Beginning in 2013, security was considered the number one obstacle to cloud adoption, but in 2016 first place passed to the lack of resources and expertise among IT staff. This is because people can see the work being done in the field of cloud security, and their fears are gradually fading.
[Image: according to RightScale]
At the CNews Conferences and CNews Analytics conference, representatives of vendors, providers and customers gathered at a round table and discussed the directions in which the cloud industry will develop further. At the moment, clouds are vertical structures: users send a request to a higher-level data center when necessary and receive a response.
According to the forum experts, over time they should be replaced by horizontal decentralized structures, in which there is no single data center and data is transferred from one device to another. The FireChat messenger, for example, works on this principle.
In this new paradigm, classic security tools will be ineffective. The firewall will not be able to provide protection, since all important events occur at the boundaries of the network, and there will be no central verification service for user authentication. Market participants believe that the blockchain technology used in cryptocurrency transactions will be the solution.
“Blockchain is a distributed database where all participants in the process are owners of information and confirm each other,” explains Nikolay Nosov, RCCPA expert.
The experts also agreed that in the near future, issues of growing traffic and security will be addressed through the virtualization of network functions (NFV) and the construction of software-defined networks (SDN). These trends were also supported by the participants of the Interop Las Vegas 2016 conference, which is also devoted to the topic of network security.
“The proliferation of software-defined networks will have an impact on the modern IT market, as happened with virtual machines,” said Cameron Camp, a security researcher at ESET. “If you have experience in network security, SDN will open up new opportunities for you.”
Software-defined networking is a logical continuation of the evolution of network technologies, which are increasingly integrated with software-based management and virtualization.
According to analysts, by 2018, the global market for SDN will increase to $35 billion, and 40% of all expenditures on data networks will be associated with SDN. First of all, software-defined networks will be in demand by service providers and corporate data centers.

The essence of SDN is to separate the "control plane" from the "data plane". In traditional switches and routers, these functions are combined and inseparable from each other, whereas in SDN control is handed to controllers that monitor the state of the entire network. Devices no longer need to know hundreds of protocols: they just need to follow the instructions of the controller, which means savings on hardware.
Thanks to SDN, the company gets vendor-independent control over the network from one place, and administrators can program the network as a whole without spreading their effort across individual devices. Moreover, it becomes possible to change network characteristics on the fly, which reduces the time it takes to deploy new applications and services.
On the “north” side, the controller provides an API, enabling developers to create applications for managing the network. Such applications can perform various business tasks: access control, bandwidth control, etc., and their developers do not need to know the details of the operation of specific network devices.
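The split described above, as an added toy model in Python (not code from the original post, and not a real controller or the OpenFlow API). The class names, host labels, ports and the out-of-band change are constructed for illustration. It shows the switches acting only on pushed rules, an access-control application using the northbound API, and the controller using its network-wide view to spot a switch whose table has drifted from policy.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    """Data plane: applies the flow table it was given, holds no policy."""
    name: str
    flow_table: set = field(default_factory=set)  # {(src, dst, port)}

    def forward(self, src, dst, port):
        # A table miss is a drop; the switch never decides on its own.
        return "forward" if (src, dst, port) in self.flow_table else "drop"

class Controller:
    """Control plane: one view of the whole network, programs every switch."""
    def __init__(self, switches):
        self.switches = switches
        self.policy = set()

    def allow(self, src, dst, port):   # northbound API call
        self.policy.add((src, dst, port))
        self._push()

    def revoke(self, src, dst, port):  # northbound API call
        self.policy.discard((src, dst, port))
        self._push()

    def _push(self):                   # southbound side: install the rules
        for sw in self.switches:
            sw.flow_table = set(self.policy)

    def audit(self):
        """Rules per switch that differ from the intended policy."""
        return {sw.name: sw.flow_table ^ self.policy
                for sw in self.switches if sw.flow_table != self.policy}

def access_control_app(controller):
    """Northbound application: states intent, knows nothing about devices."""
    controller.allow("web", "app", 8080)
    controller.allow("app", "db", 5432)

def demo():
    switches = [Switch("edge-1"), Switch("edge-2")]
    ctl = Controller(switches)
    access_control_app(ctl)
    before = [sw.forward("app", "db", 5432) for sw in switches]
    direct = switches[0].forward("web", "db", 5432)  # never allowed
    switches[1].flow_table.add(("web", "db", 5432))  # constructed out-of-band change
    drift = ctl.audit()
    ctl.revoke("app", "db", 5432)                    # policy change on the fly
    after = [sw.forward("app", "db", 5432) for sw in switches]
    return before, direct, drift, after, ctl.audit()
```

Revoking a rule re-pushes the full policy, so the same call that changes access on the fly also overwrites the drifted entry on `edge-2`.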
Another topic for discussion at the conference was the VMware NSX network virtualization platform. According to Dom Delfino, vice president of network and information for VMware, “security is the main reason for switching to the NSX”.
If an attacker manages to “get inside” the network environment, he gains access to the processes and data and is capable of causing serious damage. The VMware NSX software-defined network management system solves this problem. Each process creates its own microgrid environment that isolates systems running on the same platform.
Microsegmentation is a good way to counter various kinds of attacks: if an attacker succeeds in breaking into the system, he will not be able to go beyond the selected segment. Microsegmentation of virtual networks with VMware NSX represents the next step towards the adoption of cloud technologies and solves the problems of security and flexible use of network resources. However, despite all the advantages, virtualized and SDN-based network security tools are not yet widespread.
“These technologies are at relatively early stages of development and are the exception rather than the rule,” concludes Dave Lewis, security adviser at Akamai.
However, there is potential. Given how intensely these technologies are being discussed by conference participants, one can expect that these solutions will soon take their place in the data center technology stack.