CloudSigma has introduced the ability to extend and manage enterprise network policies within its Infrastructure as a Service environment for both cloud providers and customers, extending enterprise-level security into the public cloud.
Today many enterprises and cloud providers enforce cloud network policies through firewalls, but the process of spinning up firewalls within a public Infrastructure as a Service (IaaS) environment can be cumbersome and time-consuming, said Lynda Stadtmueller, program director of cloud computing services for San Antonio-based Frost and Sullivan Inc.
"Firewalls are still mostly appliance-based," she said. "The process requires time and manual effort to spin up physical equipment, and appliances aren't always scalable. CloudSigma is offering the same firewall functionality while letting cloud tenants easily attach that functionality to their entire account within a CloudSigma IaaS environment."
Enterprise IT, as well as managed service providers and providers hosting their own services on CloudSigma's IaaS, will be able to establish and enforce firewall-like network policies -- such as which traffic is permitted under what circumstances -- through an easier process than paying for a dedicated server in a private cloud, in which the provider would have to manually spin up a dedicated virtual firewall for the customer's environment, Stadtmueller said.
Extending network policies to the public cloud boosts security
The new network policy system from CloudSigma, a Zurich-based IaaS provider, will allow customers and providers to configure and control both inbound and outbound traffic through the CloudSigma IaaS Web interface or directly over the provider's application programming interface. The policies can range from a single rule that blocks all external public IP traffic to complex configurations allowing connections to certain ports from a specific range of IP addresses. Customers can apply these network policies to any number of virtual servers and reconfigure and reapply them to running servers on the fly without any service disruption, CloudSigma said.
The network policy management system will allow enterprises to secure and control their CloudSigma instances in a very granular way, said Robert Jenkins, co-founder and CEO of CloudSigma. "Now the customer can define policies based on their unique requirements and apply [them] to one or more servers very elegantly," he said.
The new security capabilities will also make it easy for both end users and providers to keep enterprise policies up to date without the risk of human error or service disruptions, Jenkins said. "It's very easy to keep servers secure and compliant on the fly," he said.
CloudSigma's new network policy management system's value to the market is not the security functionality itself, but the simplification of the process, Frost and Sullivan's Stadtmueller said.
"It becomes a click-and-point task for the administrator spinning up the VMs [virtual machines] to incorporate that firewall functionality into their [cloud environments]," she said. "Administrators can also assign pre-established policies to a new VM, using broad security policies that are easy to implement without specialized security expertise -- that's a beautiful thing for some cloud customers," she said.
SecludIT, a French startup that specializes in security for cloud infrastructure, supports Amazon, VMware and OpenStack cloud environments, as well as CloudSigma IaaS. The company is now working with CloudSigma's network policy management system to help alert its enterprise customers to security risks, said Sergio Loureiro, CEO and co-founder of SecludIT.
"We really think these networking policies are a mandatory step for customers in protecting applications and data," he said. "These policies can prevent our customers from any misconfigurations that [SecludIT] monitors for -- which are a common problem for some of our customers, like young companies and startups."
Could easier cloud security methods help grow public cloud adoption?
A network policy system like CloudSigma's can lighten workloads on the provider side by shifting control over to the customer. At the same time, with a more automated network policy offering, companies lacking security expertise won't necessarily need to understand how to code security elements.
But extending network policies into the cloud isn't about making the Internet more secure. It's making a secure cloud easier to implement and control, Frost and Sullivan's Stadtmueller said. "There are a number of security-related value-added services that … companies have offered, but enterprises already expect their Internet to be secure -- it's no longer the top obstacle in adopting public cloud," she said. "It's all about offering control for the customers."