|By Gilad Parann-Nissany||
|June 26, 2014 11:39 AM EDT||
By Ellen Messmer
The Amazon AWS cloud service is fine for enterprise workloads and applying security controls such as encryption and firewalls is possible, though more security vendors need to step up to support Amazon’s EC2 service, according to the Gartner analysis presented today.
In his presentation at the Gartner Security and Risk management Summit 2014, analyst Neil MacDonald said there’s a misperception among many IT managers that Amazon’s EC2 is somehow a consumer-grade cloud service. “It’s designed for enterprise use,” he said, noting the Amazon platform continues to develop beyond simply an infrastructure-as-a-service to include Elastic Block Storage and other services. But companies do need to architect in any high-availability they want from Amazon’s EC2, he noted.
Amazon has a built-in firewall but it is fairly “coarse-grained” and many enterprise managers using Amazon choose to include third-party software host-based firewalls, though some vendor products fit more gracefully as they were designed for it, MacDonald said.
Check Point, Sophos, and Trend Micro all have their own software-based firewall/IPS for Amazon EC2, said MacDonald, but he added it would be hard to run a Palo Alto Networks firewall in Amazon. “Where’s Cisco’s firewall in the cloud for Amazon?” MacDonald said he’s wondering about Cisco, plus other vendors, too.
Several vendors have encryption agents for Amazon, including Porticor, Safenet, Voltage and Vormetric, among others. Amazon offers encryption as well. AlienVault and Splunk have security information and event management products for Amazon’s EC2. CloudPassage, Trend Micro, Dome9 and McAfee (the security division of Intel) offer varieties of server-based security for Amazon. MacDonald says he recommends a white-listing-based server protection strategy with continuous monitoring. He advises avoiding use of SSH keys.
While this all represents a growing ecosphere of vendors supporting Amazon EC2 for enterprise workloads, there are still some improvements that Amazon itself could make, MacDonald said.
Amazon now offers CloudTrail to audit activities. But MacDonald said one of the main things is that Amazon needs to provide its customers with a view related to the activities of Amazon’s systems administrators to know what they are doing. That’s because enterprises remain concerned about the danger of “snapshotting” of data resources held there. This “snapshotting” concern is guiding some decision-making.
“If data is so sensitive that snapshotting is keeping you up at night, don’t put it in the cloud,” said MacDonald. He added he’s urging Amazon to add more features and capabilities, such as a dedicated storage option, and “there’s no way to achieve a network tap today,” said MacDonald, which makes use of agent software the alternative.
Despite these criticisms, Amazon AWS was the IaaS that came out on top as the market leader in the recent Gartner Magic Quadrant, with Microsoft somewhat behind. CenturyLink, IBM SoftLayer, Verizon Terramark and CSC earned their spots as “visionaries” in the report but VMware, Rackspace, and GoGrid, among others, were ranked by Gartner as simply “niche players.”
Jul. 29, 2015 03:15 PM EDT Reads: 230
Jul. 29, 2015 03:00 PM EDT Reads: 1,251
Jul. 29, 2015 02:00 PM EDT Reads: 1,165
Jul. 29, 2015 01:45 PM EDT Reads: 419
Jul. 29, 2015 07:30 AM EDT Reads: 275
Jul. 28, 2015 06:30 PM EDT Reads: 1,376
Jul. 28, 2015 04:30 PM EDT Reads: 1,754
Jul. 28, 2015 11:00 AM EDT Reads: 2,032
Jul. 27, 2015 09:00 PM EDT Reads: 2,039
Jul. 27, 2015 10:00 AM EDT Reads: 2,020
Jul. 27, 2015 09:00 AM EDT Reads: 311
Jul. 27, 2015 08:00 AM EDT Reads: 1,894
Jul. 26, 2015 09:00 PM EDT Reads: 1,559
Jul. 26, 2015 08:00 AM EDT Reads: 2,141
Jul. 25, 2015 02:00 PM EDT Reads: 380
Jul. 25, 2015 01:00 PM EDT Reads: 1,945
Jul. 25, 2015 12:15 PM EDT Reads: 445
Jul. 25, 2015 12:00 PM EDT Reads: 1,522
Jul. 25, 2015 09:00 AM EDT Reads: 1,481
Jul. 24, 2015 11:00 PM EDT Reads: 2,049