Information security in the cloud – How to do it in the right way

Liran Hamrany, Infrastructure and Security Engineer in Y-tech

The customers of cloud computing, in all sizes and from all of the sectors, expects to receive peace of mind from their cloud services provider. This is why they have to be sure that their data center’s computing and communication infrastructure performs well. It is especially important for an integrator that wants to offer cloud services to his end clients, like Azure ICT Platform for Integrators – the ICT model offered by Y-tech ICT in a joint program with Microsoft. The integrator must know for sure that he and his end clients will receive information security at the highest level.

Information security in the perimeter and internal

When cloud provider gives virtual and private cloud services to its customers, he naturally aspires to provide each and one of the customers the computing resourced that were promised and allocated for him. The cloud provider doesn’t divide its hardware infrastructure between the clients. The hardware is common. But there is a clear separation between the computing resources allocated to the different companies that share the same cloud, and there is no resources leak between the clients.

The cloud provider protects its system from the outside world using a general firewall that built of protections manners in some layers, but it doesn’t stop here. Every client enjoys his own firewall that protects him from external threats and also from his neighbors in the cloud. This method further strengthening the tight ring used to insure that information won’t leak between companies hosted in the same physical system.

Business Continuity: Security in the Azure level

Beyond the security measures offered by the cloud provider in the perimeter level, there is another security tool in the level of the inner network of each client. Every customer that buys hosting services package based upon Azure ICT Platform enjoys a third layer of security. This layer protects the communication to all of the servers in layer 2 which is the Data Link level in the point where the server connects to the network. The client can manage the different levels of security directly from Azure’s management interface, including firewall rules, bandwidth allocations, antivirus, IDS, logs in different levels and anomaly tracking. The client can also choose to receive mail alerts when the system identifies out of normal behavior or intrusion attempts.

Survivability guaranteed

Y-tech, as an ICT cloud provider, promises survivability in the highest level of its solution. The physical structure of the servers farm, and the placement of the servers inside the farm, was designed is order to ensure the highest survivability.

Additionally, for every component that has a certain rule in the system there is a parallel one that does the same job in order to achieve redundancy in the level of the servers, communication, storage, and electricity and cooling. When a fault happens the replacement component steps in to avoid shutdown. This process happens automatically without client awareness. A system in this level promises the client the needed business continuity.

And in the end, the client choose what else to install

A quality ICT cloud service grants the client multi dimensional protection on the one hand, but simple to use on the other one. Additionally, the client can choose to use a gallery of different products, including information security ones. With a few clicks the client can add any additional security service he needs. Azure ICT Platform is built to provide a wide range of exiting security systems and the ability of installing customized services as well.

The process of adding services and choosing solutions can happen in any given time. At the start of the road the integrator can choose the solution he wants to include in his cloud from which he will provide the services to his clients. Along the way, in any service’s setup the integrator can simply choose the right tools for each customer.

The integrator can employ an infrastructure of shared services from which he will provide Security as a Service solution built upon his shared firewall and other products. He can also build a private cloud for each client, or to provide a combination of private environments with public ones from the integrator’s cloud like shared mail security services, and more. It’s important to note that the process is very flexible and all can be changed all along the service life cycle.

At the end of the day, in order to provide high level of information security to the Azure’s cloud offered by Y-tech, the company uses some layers of protection, some of them built in the systems and some can be chosen by the integrator. The security components include internal and external information security in the infrastructure level, while the integrator himself can easily add more information security measures he chooses.

Liran Hamrany is an infrastructure and security engineer in Y-tech, responsible for data center, communication and infrastructure security environments.