More data and higher stakes are adding to the pressure to maintain bulletproof application security. With the hyper-connected nature of enterprise environments, a single outage can wreak widespread havoc extending far beyond the IT department. End-user productivity takes a hit three times harder than IT productivity during an outage. Non-IT/security departments absorb more than half of DDoS attack-related costs, with customer support bearing 63 percent of the burden.
Recent activity with the Heartbleed vulnerability has the industry reeling and re-evaluating its security controls. We recently posted about the Rackspace response to this event, but while security is top-of-mind, we’d like to share a new white paper on the topic of “Cloud Security in an Agile World.”
In this edition of the Google+ Office Hours Hangout, we talked about some of the first steps to achieve security in the cloud. While security is a topic that deserves weeks of discussion, we wanted to give a quick overview of some of the basic practices. If you have any other questions about securing your solutions in the cloud, check out Wayne Walls’s security post as part of his Pillars of Cloudiness and feel free to give us a call at Rackspace and ask for a Launch Manager. Here are some of the highlights from last week’s Hangout – and you can scroll to the bottom to watch the Hangout in its entirety.
There are many options when trying to assess the security posture of your application and its hosting environment. Some choose to start from the top of the stack down and look at the application directly, while others might look at the supporting infrastructure first, including the network itself, the firewall rules, running services, and web server configurations. Regardless of the approach, enterprises must protect the integrity of their application and data by proactively identifying potential attack vectors or vulnerabilities. Certain regulations and standards even require periodic vulnerability assessments.