Why is it that whenever someone mentions the terms “security” and “cloud computing” in the same sentence, shivers go up spines, hairs stand on end and anyone listening starts shaking like Shaggy and Scooby Doo upon seeing a “g-g-g-g-ghost?”
Calm down, people! The cloud has come a long way from that ethereal unknown it once was, largely because the IT industry accepted it for what it was – public storage of private information – and took steps to secure information before they placed it in that storage block – usually by encrypting it before it ever made the trek to the cloud.
As industry analyst and pundit, George Crump, said of cloud security recently in InformationWeek’s “Plug Into the Cloud” blog:
I don’t know of a single business level cloud storage solution that does not encrypt data before it goes across the internet and almost all store that data in an encrypted format. That means you are still in control of your data. In almost every case the cloud storage provider can’t see or do anything with that data (unless you give them the encryption keys).
He later adds:
I would argue that the chance of you having encrypted data that is stored in the cloud being compromised is less likely than having data within your data center compromised where most data is not encrypted.
While Crump seems to be channeling FDR’s famous words – “The only thing we have to fear is fear itself” – he brings up a very valid point about cloud computing or with any part of modern IT for that matter – the greatest risk to security lies within the organization itself, rather than with the technology. In effect, as long as the data leaves your side of the WAN in a non-vulnerable position, it should not be exploitable when it reaches the cloud.
Don’t Let WANs Cloud Your Perception
Through the cloud, enterprises are able to consolidate resources into purpose-built data centers where they can physically protect critical information and more easily track vital assets. In addition, data can be backed-up more easily and with consistent regularity, minimizing the ongoing risk of exposure.
To take advantage of this, CIOs are turning to WAN acceleration as a key enabler for these strategic IT initiatives. By overcoming common WAN obstacles, such as limited bandwidth, network congestion and high latency, these devices ensure that consolidation does not come at the expense of application performance.
But it is possible for WAN acceleration to introduce new security challenges if not implemented properly. For example, deploying a WAN acceleration appliance with unencrypted drives can actually create risk where none previously existed.
Confidence in the Cloud
The good news is that ensuring the security of the WAN acceleration device being used to deliver data to the cloud is not complicated. The best solution incorporates the latest in encryption technology to protect data at all times — at rest and in transit across the WAN. It provides an easy way to configure, enforce, and monitor security policies from a central location and employs mechanisms to ensure that security does not come at the expense of network performance or scalability.
Silver Peak products, for example, are built on a Secure Content Architecture™ that enables enterprises to deploy WAN acceleration with complete confidence. The Secure Content Architecture employs various techniques to ensure that data remains secure, regardless of where it is in the WAN acceleration process. This is achieved via the following capabilities:
- Disk encryption: employs 128-bit AES encryption to protect all data stored on Silver Peak appliances.
- Secure Transmission (IPsec): supports 128-bit IPsec (using AES for encryption) to ensure that data is secure as it is transferred over the WAN.
- Secure Socket Layer (SSL) Acceleration: optimizes SSL traffic using a variety of techniques, including Quality of Service (QoS) to prioritize this traffic, TCP acceleration to overcome latency, and Network Integrity to minimize the impact of dropped/out-of-order packets.
Silver Peak’s Secure Content Architecture also delivers a variety of features that control the manner in which traffic traverses the WAN. These include:
- Centralized control: enables advanced authentication policies to be centrally configured and enforced.
- Advanced Application-based policy management: determines which WAN acceleration techniques should be applied to individual flows of traffic in an effort to optimize performance and prioritize traffic based upon pre-established security policies.
- Secure Access: tightly controls device access using TACACS+ and RADIUS, ensuring complete AAA protection.
Because Silver Peak designed its solution from the ground up with secure acceleration in mind, it provides the highest level of data protection today, while ensuring seamless support of tomorrow’s security technologies.