Page 178 - How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind
MANAGEMENT STRATEGIES FOR THE CLOUD REVOLUTION
workload. “Limiting the capabilities of the underlying application stack not only limits the overall attack surface of the host, but also greatly reduces the number of patches needed to keep that application stack secure,” the alliance’s white paper stated.
In addition, a word needs to be said for Amazon’s own practices. When it accepts a virtual machine to run on its servers, it equips that machine with its own firewall, a best practice for running virtual machines in any environment. The firewall can detect malware and shield the virtual machine from it. Amazon also issues a digital key to the virtual machine’s application to identify it as a valid account. The key is passed as the application calls for cloud services or communicates across nodes in the cloud to other parts of the application. This practice makes it much harder for an intruder to mimic the application and get at its data or gain responses reserved for the application.
Some firms are beginning to specialize in virtual machine security; they promise to upgrade the levels of protection on virtual machines moving around the Internet. One of them is Altor Networks. Todd Ignasiak, director of product management, points out that cloud computing presents “a particularly juicy target” for professional hackers who are interested in stealing passwords, bank account information, and personal identities because of all the activity that is going on in a concentrated setting. Furthermore, the malware author can sometimes arrive hidden in the traffic of a legitimate activity, as happened with the Web site hosting the Zeus botnet referred to earlier. Hackers prefer to be cloaked behind legitimate operations where they are harder to detect and leave fewer tracks.