Recent activity with the Heartbleed vulnerability has the industry reeling and re-evaluating their security controls. We recently posted about the Rackspace response to this event, but while security is top-of-mind we’d like to share a new white paper on the topic of “Cloud Security in an Agile World.”
In this edition of the Google+ Office Hours Hangout, we talked about some of first steps to achieve security in the cloud. While security is a topic that deserves weeks of discussion, we wanted to give a quick overview on some of the basic practices. If you have any other questions about securing your solutions in the cloud, check out Wayne Walls’s security post as part of his Pillars of Cloudiness and feel free to give us a call at Rackspace and ask for a Launch Manager. Here are some of the highlights from last week’s Hangout – and you can scroll to the bottom to watch the Hangout in its entirety.
There are many options when trying to assess the security posture of your application and its hosting environment. Some choose to start from the top of the stack down and look at the application directly, while others might look at the supporting infrastructure first, including the network itself, the firewall rules, running services, and web server configurations. Regardless of the approach, enterprises must protect the integrity of their application and data by proactively identifying potential attack vectors or vulnerabilities. Certain regulation and standards even require periodic vulnerability assessments.
One of the common questions we hear from customers who are moving to the cloud is about security. Many times customers believe that security is something they have to take on by themselves or something that is automatically taken care of by a cloud provider.