Virtualization Technology News and Information
Overcoming Cloud Computing’s Biggest Challenge: Virtual Network Security

Today, most organizations deploy virtualization technologies without involving information and network security teams in the initial planning stages. As a result, many organizations are simply retrofitting their virtual networks with existing physical network security strategies and technologies. This lack of foresight and technological preparedness drastically weakens network security, which presents the biggest known challenge to the success of cloud computing with large-scale organizations.

In response, Stonesoft has identified five ways IT teams can protect themselves against cloud security threats and attacks, while helping ensure the success of their cloud computing strategies. They include:

  1. Federated ID: Inherent in a cloud computing environment is the need for workers to log into multiple applications and services. This presents a formidable security pitfall, as organizations may lose control over their ability to ensure strong authentication at the user level. To mitigate this risk, organizations need “single sign-on” capabilities – such as those provided by the StoneGate SSL VPN – that enable users to access multiple applications and services, including those located outside of the organization in the public cloud, through a single login. With this ability, organizations can streamline security management and ensure strong authentication within the cloud.
  2. Always-on Connectivity: When the majority of an organization’s critical business data is stored in the cloud, network downtime can shut down business operations. Access to cloud services must be always available, even during maintenance, thus requiring high availability technologies and capabilities such as active/active clustering, dynamic server load balancing and ISP load balancing within the network infrastructure. Organizations should seek technologies that are built into their network solutions, rather than purchase them as standalone products to ensure effectiveness, ease of management and reduced network costs.
  3. Multi-layer Inspection: The rise of the cloud computing environment and increased sophistication of threats has created a need for a proper layered defense comprised of perimeter protection and intrusion detection and prevention capabilities within the network. Rather than implementing first-generation firewalls to protect the cloud at the perimeter, Stonesoft recommends the deployment of virtual next generation firewall appliances – like the StoneGate Virtual NextGen Firewall – that integrate advanced firewall and IPS capabilities for deep traffic inspection. This will allow organizations to inspect all levels of traffic, from basic Web browsing to peer-to-peer applications and encrypted Web traffic in the SSL tunnel. Additional IPS appliances should be implemented to protect networks from internal attacks that threaten access to the cloud.
  4. Centralized Management: Human error is still the greatest network security threat facing both physical and virtual computing environments. As companies deploy additional network devices to secure their virtual networks, they exponentially increase this risk as device management, monitoring and configuration become more tedious and less organized. For this reason, Stonesoft recommends companies use a single management console to manage, monitor and configure all devices – physical, virtual and third-party.
  5. Virtual Desktop Protection: More and more organizations are deploying virtual desktops to realize the cost and administration benefits. However, these desktops are just as – if not more – vulnerable than their physical counterparts. To adequately protect virtual desktops, organizations should isolate them from other network segments and implement deep inspection at the network level to prevent both internal and external threats. Those organizations should deploy a multi-pronged approach to security by implementing IPS technology that prevents illegal internal access, protects the clients from malicious servers, as well as providing secure remote access capabilities through IPsec or SSL VPN that protects against unauthorized external access.

Stonesoft currently offers a selection of virtual network security solutions that provide advanced security in the cloud. These include the StoneGate Virtual NextGen Firewall, StoneGate Virtual IPS and StoneGate Virtual SSL VPN. For more information on these solutions, please visit

Published Wednesday, April 14, 2010 7:02 AM by David Marshall
Filed under: ,
Twitter Trackbacks for Overcoming Cloud Computing???s Biggest Challenge: Virtual Network Security : - Virtualization Technology News and Information for Everyone [] on - (Author's Link) - April 14, 2010 11:00 AM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2010>