The introduction of cloud-based Infrastructure Services (IaaS) has practically revolutionized the IT market. Almost infinite virtual computation resources are now available in a pay-per-use model almost anywhere around the globe within a few mouse clicks (and a single swipe of your credit card). This is by order of magnitudes more flexible and more efficient than what any in-house IT organization can do. This compelling business model has led to a rapid growth in IaaS adoption by organizations of all kinds. However, with respect to IT security, public cloud IaaS is a big step backwards. Most on-prem security systems, such as firewall policies, access-rights management, monitoring and governance solutions cannot be extended ‘as-is’ to cover IaaS deployments. This is attributed to the fact that IaaS environments are multi-tenant virtual environments where organizations have no control over the infrastructure itself and limited control of the networking capabilities. Furthermore, most cloud providers work on a “shared responsibility” model, which ‘delegates’ most IT security responsibilities to the organizations using the cloud (i.e. their customers). This session discusses the challenges of securing IaaS deployments and several best practices to address them, focusing on preventive networking and access aspects.
Speaker: Amit Cohen, CEO of FortyCloud