Paul Dackiewicz, Lead Security Consulting Engineer, Advanced Network Management

“SERVICES CONSTANTLY CHANGE AND EVOLVE DEPENDING ON WHAT THE USERS NEED.”

The cloud is basically an extension of your network that’s hosted on someone else’s server. You should always have that mindset. And bridging the connection between on-premises locations and customer sites to the cloud is a big security concern. To do that safely, you have to know what that looks like, and you have to know what safeguards are available from the cloud service provider.

Things happen differently in the cloud. You recycle so many things when you’re offering a public cloud instance, whether IPs, disk drives, or the fact that you’re constantly destroying and recreating data on the fly to perform any number of on-demand resource capabilities. Services constantly change and evolve depending on what the users need, so you are constantly varying how you deliver those services to the appropriate endpoints.

A lot of what is happening is not user-facing. For example, if I have a server in my environment that needs to talk to Amazon, there’s no user interaction. You are not only configuring your local on-premises equipment to talk to the cloud, you are configuring the cloud, too. To be able to grant secure access when necessary, you need to leverage their tools, their identity sources, and their federation. A lot of autonomous connections are being made, which is why you have to stay on top of your access control lists (ACLs).

Throughout the life cycle of a cloud process, you must always audit changes and controls. Keeping track of how it’s being configured requires having eyes on it at all times.
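The two practices named above, staying on top of your access control lists and auditing every change to cloud controls, can be turned into a repeatable check. The following is an added example and not code from the interview or from Advanced Network Management: it takes a set of ingress/egress rules in a constructed, vendor-neutral shape (a stand-in for a cloud security-group or network-ACL entry, not any provider's real API format), reports which rules were added or removed relative to an approved baseline, and flags ingress rules that expose commonly sensitive ports to the whole internet. The port list and sample rules are assumptions chosen for illustration.

```python
"""Audit cloud ACL-style rules against an approved baseline.

Added example, not from the original interview. The rule format below is a
constructed, vendor-neutral stand-in; a real deployment would load rules from
the provider's API and a baseline from version control.
"""
import ipaddress
from typing import Dict, List, Tuple

Rule = Dict[str, object]
RuleKey = Tuple[str, str, int, str]

# Assumption: ports that are rarely meant to be reachable from the entire internet.
SENSITIVE_PORTS = {22, 3389, 1433, 3306, 5432, 6379, 27017}

# Constructed baseline: what change control has approved.
BASELINE_RULES: List[Rule] = [
    {"direction": "ingress", "protocol": "tcp", "port": 443, "cidr": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "port": 22, "cidr": "10.0.0.0/8"},
]

# Constructed "live" state: SSH was widened to the world and a new port appeared.
CURRENT_RULES: List[Rule] = [
    {"direction": "ingress", "protocol": "tcp", "port": 443, "cidr": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "port": 22, "cidr": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "port": 8080, "cidr": "203.0.113.0/24"},
]


def rule_key(rule: Rule) -> RuleKey:
    """Normalise a rule into a hashable tuple so rule sets can be compared."""
    return (
        str(rule["direction"]),
        str(rule["protocol"]),
        int(rule["port"]),
        str(rule["cidr"]),
    )


def is_world_open(rule: Rule) -> bool:
    """True when the rule's CIDR is a default route (0.0.0.0/0 or ::/0)."""
    network = ipaddress.ip_network(str(rule["cidr"]), strict=False)
    return network.prefixlen == 0


def find_risky_rules(rules: List[Rule]) -> List[Rule]:
    """Ingress rules that expose a sensitive port to every source address."""
    return [
        r
        for r in rules
        if r["direction"] == "ingress"
        and is_world_open(r)
        and int(r["port"]) in SENSITIVE_PORTS
    ]


def diff_against_baseline(
    baseline: List[Rule], current: List[Rule]
) -> Tuple[List[RuleKey], List[RuleKey]]:
    """Return (added, removed) rule keys, sorted for stable reporting."""
    base_keys = {rule_key(r) for r in baseline}
    cur_keys = {rule_key(r) for r in current}
    added = sorted(cur_keys - base_keys)
    removed = sorted(base_keys - cur_keys)
    return added, removed


def audit(baseline: List[Rule], current: List[Rule]) -> Dict[str, object]:
    """Combine drift detection and the exposure check into one report."""
    added, removed = diff_against_baseline(baseline, current)
    return {
        "added": added,
        "removed": removed,
        "risky": find_risky_rules(current),
        "drifted": bool(added or removed),
    }


if __name__ == "__main__":
    report = audit(BASELINE_RULES, CURRENT_RULES)
    for label in ("added", "removed"):
        for key in report[label]:
            print(f"{label}: {key}")
    for rule in report["risky"]:
        print(f"RISKY: port {rule['port']} open to {rule['cidr']}")
```

Running this on the constructed data reports the widened SSH rule as both a drift from baseline and a world-open sensitive port, and the unreviewed port 8080 rule as drift. Scheduling such a comparison against a baseline kept in version control is one concrete way of "having eyes on it at all times".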

This is an excerpt from the Container and Cloud Security Series. This series was generously sponsored by Lacework.