Moving enterprise applications into the cloud is often accompanied by the same joy and anxiety as a proud parent sending their child off to college in a different state. We are proud to see them go, and we know that we are preparing them for a better future. However, once they have gone, we worry about their safety and hope that they contact us if they have any problems or issues.
Coping with the "empty nest" syndrome resulting from your local data center applications moving away, into the cloud, can be quite disconcerting. There is an inherent level of trust that you have bestowed upon your cloud provider. The security of Amazon Web Services and its data centers is world-class. Similarly, Google's Compute Engine cloud platform has proven both scalable and secure. However, just as the parent received assurance that the college campus is secure, there is still doubt.
Compensating this growing concern about cloud-based assets has created a new market for cloud-based network monitoring tools and system performance tools. These tools provide insight and analytic data as to the uptime performance of your cloud-based servers, and detailed performance statistics for cloud-hosted applications. However, these tools do not address the fundamental question, is my child (cloud-based server), really ok?
According to a report reviewed by SC Magazine, data security is one of the challenges holding back cloud adoption. This issue was cited by over 70 percent of respondents. Additionally, over 35 percent are concerned about regulatory compliance such as PCI-DSS, loss of control over IT services, compromised accounts, or insider cyber security threats. [1]
The core issue is that as our cloud infrastructure scales, our attack surface often grows proportionally. Due to the growing threat of advanced persistent threats (APTs), zero-day attacks, and the onslaught of cryptographic attacks on SSL and TLS encrypted communication channels, the need for file integrity monitoring on cloud-based assets is more important now than ever.
CimTrak provides you with the ability to deploy and scale your applications in the cloud while simultaneously providing you with real-time continuous monitoring of the integrity of all of those assets. You will know exactly when the configuration of a server drifts from your expected baseline. That server configuration drift may be because of an unexpected software update, an advanced persistent threat (APT), a zero-day attack, or simply human error. Either way, you know that something unexpectedly changed on your servers.
It's simple to accomplish this level of insight into your cloud infrastructure:
The first step is to install the CimTrak Agent on all of your cloud servers. The CimTrak Agent will provide continuous protection, auditing, and detection of unexpected changes.
The second step is to connect those CimTrak Agents to the CimTrak Master Repository. The CimTrak Master Repository is the central component that will maintain all monitoring and security policies related to your infrastructure. It also maintains the official audit trail of all changes to your servers. The CimTrak Master Repository can reside, in the cloud, on one of your provisioned servers. Alternatively, it can reside in your local data center, and the agents can simply connect to it over the public internet via an encrypted communication channel. Many of our customers find that maintaining their official audit trail via the CimTrak Master Repository in their own private facility, while protecting assets in the cloud, provides an unprecedented level of confidence in the integrity of their cloud deployments. It's essentially the best of both worlds, and perfect for the parent (i.e. Information Security Officer) that can't quite let go.
References
[1] http://www.scmagazine.com/cloud-security-is-a-top-executive-level-concer...
.png?width=50&height=50&name=Robert%20(1).png)
