Grounded in the Cloud

Technical Cloud Security: Dynamic infrastructure hardening

SimonLeech

This is the fifth in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will talk about the role of dynamic infrastructure hardening in the cloud. Other videos in the series can be found by searching for the tag cloudsectechvideos.

As we’ve previously discussed on this blog, many of the traditional security controls that we have used in an on-premise data center are still applicable in the cloud; however, the way we use them will change as we adapt to the new highly virtualized and agile environment. The platform, operating system instances, and applications should all still be included in a vulnerability management program to ensure the attack surfaces are effectively reduced, but one of the big areas for change in a cloud protection strategy is around securing network traffic.

The reason for the change is quite simple: whereas in a non-virtualized data center we could use physical devices (firewalls, IPS, IDS, etc.) to keep traffic with different security profiles apart, in a virtualized data center up to 80% of the network traffic may be going East-West, in other words between virtual machines without needing to cross the physical network wire. There are a number of ways to inspect this virtualized traffic in a cloud environment, including VLAN configuration, agent-based protection, virtual security appliances, and micro segmentation.

Micro segmentation offers a lot of functionality when creating security policies: it can isolate and segment network traffic, and it supports advanced security integrations such as traffic steering and service insertion.
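As an added example (not from the original post, and not the code of any HPE or partner product), the sketch below shows how a micro segmentation policy can isolate East-West flows by workload label, with default deny, and steer selected flows through an inspection service. The labels, rules, workload names and the `virtual-ips` service name are all assumptions constructed for illustration.

```python
# Added illustration: label-based micro segmentation with default deny.
# All names, labels and rules are constructed for this example.
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    labels: frozenset  # e.g. {"env:prod", "tier:web"}

@dataclass(frozen=True)
class Rule:
    src: frozenset   # labels the source must carry (empty = any)
    dst: frozenset   # labels the destination must carry (empty = any)
    port: int        # 0 = any port
    action: str      # "allow", "deny" or "steer:<service>"

# Ordered policy: first match wins, anything unmatched is denied.
POLICY = [
    Rule(frozenset({"state:quarantined"}), frozenset(), 0, "deny"),
    Rule(frozenset(), frozenset({"state:quarantined"}), 0, "deny"),
    Rule(frozenset({"env:prod", "tier:web"}),
         frozenset({"env:prod", "tier:app"}), 8443, "allow"),
    # Service insertion: database traffic is steered through inspection.
    Rule(frozenset({"env:prod", "tier:app"}),
         frozenset({"env:prod", "tier:db"}), 5432, "steer:virtual-ips"),
]

def decide(src, dst, port, policy=POLICY):
    """Return the action for an East-West flow between two workloads."""
    for rule in policy:
        port_ok = rule.port in (0, port)
        if rule.src <= src.labels and rule.dst <= dst.labels and port_ok:
            return rule.action
    return "deny"  # default deny: no matching rule, no traffic

def relabel(w, add=(), remove=()):
    """Model an orchestration event that changes a workload's labels."""
    return Workload(w.name, (w.labels - frozenset(remove)) | frozenset(add))

web = Workload("web-01", frozenset({"env:prod", "tier:web"}))
app = Workload("app-01", frozenset({"env:prod", "tier:app"}))
db = Workload("db-01", frozenset({"env:prod", "tier:db"}))
dev = Workload("dev-07", frozenset({"env:dev", "tier:web"}))

if __name__ == "__main__":
    for s, d, p in [(web, app, 8443), (app, db, 5432), (web, db, 5432), (dev, app, 8443)]:
        print(f"{s.name} -> {d.name}:{p} = {decide(s, d, p)}")
    print("after quarantine:", decide(relabel(web, add=["state:quarantined"]), app, 8443))
```

Because rules match on labels rather than IP addresses or VLANs, relabelling a workload (for example, quarantining it) changes its reachability immediately without touching the underlying network configuration.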

This video goes into more detail on the concepts behind dynamic infrastructure hardening, and talks about the different approaches to integrating network security into a cloud.

 

 

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE approach to Hybrid Cloud Security. For information about HPE Distributed Cloud Networking, please visit this page, and for information on our partners go to the following links: vArmour, Catbird, Cryptzone, Fortinet, VMware NSX. Other videos in the series can be found by searching for the tag cloudsectechvideos.

About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and Chief Technologist Security within the Hewlett Packard Enterprise EMEA Hybrid IT Team. Within Hewlett Packard Enterprise, Mr Leech is responsible for influencing and evangelising the security strategy of the Hybrid IT team. Simon is active on Twitter as @DigitalHeMan
