Don’t Trust Your Cloud Network Security Controls to Anyone but Yourself

By Doug Johnson, Senior Director of Solution Engineering

When it comes to the cloud, there are too many things you have to trust your Cloud Services Provider (CSP) to do. Security should not be one of these leaps of faith that you have to take. You need tools that provide the same security regardless of location and that your IT team can learn once and deploy everywhere. BlackRidge Technology provides such a tool.

How much have you invested in protecting your network? Whether it’s your office network or your home network, the odds are that if you are concerned about security, you have invested in tools that you trust will protect what you want, how you want. So if you have invested heavily in protecting your on-premise network the way you want to, why would you give that trust and control up when it comes to your cloud resources?

Most organizations choose their CSP based on how much they are going to get charged (by compute, storage, bandwidth, or something else) or where the regional datacenters are (you wouldn’t choose a CSP that hosts your resources in San Francisco if all your customers are in Munich). Seldom do the selection criteria include how secure the CSP’s cloud actually is. Most CSPs have firewalls, intrusion detection systems, virus scanners, and all the usual tools. If you use a CSP, ask yourself this: are the security tools provided to you from a major security vendor, were they developed in house by the CSP, or are they open source tools?

We spend a lot of time choosing security tools to protect our networks. We go through POCs, trial periods, budget reviews… everything we need to do to ensure that we don’t end up on the front page of the NY Times. Why then are we willing to give up so much control when we use the cloud?

What we need is to be able to extend the same security controls we use to protect our on-premise networks to protect our cloud resources. We invest a lot of time and money in securing our networks, so why not secure the entire network? The problem is that most network security tools only protect based on where you are coming from (IP address, MAC address, hostname). With the dynamic nature of the cloud, we need something that works end-to-end and is not hindered by the limitations of traditional networks.

BlackRidge identity-based network security allows organizations to move past the limitations of using network topology and addresses for network security. Our patented Transport Access Control allows you to build your cloud and enterprise network security controls around identity. First Packet Authentication™ verifies identity during TCP session establishment. This means you are enforcing policy based not on where you are coming from or how you got there but on who you are. Because BlackRidge is built on the TCP protocol, there is nothing proprietary about it that you need to verify works with each CSP: it works across LAN and network boundaries and with middle boxes.

What’s really cool about this is that you don’t have to push your identities or IDMS to the CSP. You will be using your current on-premise identity system!!! This means the same effort you take to manage identities and access policies on your corporate network is extended to all your cloud resources. Trust me, when you tell your IT staff that they don’t need to learn a CSP’s unique set of tools and manage them in addition to what they already have, you will be thanked. Not to mention that if you use multiple CSPs, they tend to provide different tools, making the ability to use the same security controls across the cloud that much more important.

Let’s face it, the cloud and its various hybrid forms are here today and not going away. BlackRidge has developed our identity-based network security with the cloud in mind, putting control over cloud security back where it belongs - in your hands.