Have you considered firewall and IDS/IPS as it relates to moving IT applications onto a virtualized environment (such as IaaS other than Amazon)? Would the deployment consist of an appliance-based firewall effectively "sliced up" for multi-tenancy/multi-domain in case of single-tenant, or would deployment as a virtual firewall be an option to consider?
This is a great question and one that many people moving applications to the cloud and using Infrastructure as a Service (IaaS) are probably working through as well. When using IaaS, all of the vulnerabilities associated with Platform as a Service (PaaS) and Software as a Service (SaaS) models are present, along with any vulnerabilities related to the IaaS model. When utilizing IaaS, however, users enjoy the most flexibility, since they have control over the entire stack: infrastructure, platform and software.
With IaaS, however, the responsibility of security rests with the customer, not the provider. Using a network-appliance-based firewall/IPS requires the ability to manage the security in your IaaS provider's network. As you might expect, not all IaaS providers allow customers to add devices ad hoc to their networks; many see it as a network operations headache and a security risk they'd rather live without. How you'll manage this is the first thing you need to figure out before heading down this road.
As an alternative, companies often buy a managed service from the IaaS provider so that they can still have the functionality a multifunction security appliance offers, even if it's not possible to host their own hardware in the provider's data center. Personally, I don't believe this allows companies the freedom of making changes when they need to; I've always felt handcuffed when a provider has control over changes or updates that affect my security posture.
That being said, I think creating a virtual firewall is definitely a viable option to consider. Since you would already be hosting the rest of your infrastructure in the cloud, it would make sense to take the extra step and create that virtual firewall. If you've made the decision to host your data, applications and/or OS with a cloud provider, I believe that having complete control over your security is a no-brainer.