Archive for the ‘Cloud Security’ Category


The Top 3 Private Networking Use Cases for CloudLink

Tuesday, April 2nd, 2013 by

Public clouds are fantastic for a majority of infrastructure use cases. And interconnectivity between clouds enables myriad solutions to empower businesses to have multiple synchronized points of presence across the world. Companies can easily set up connections that traverse the public Internet as a means to transmit and potentially synchronize data between cloud data centers. But these connections need to be reliable and, more often than not, private.

CloudLink private network between cloud data centers


With public network connections between clouds, users are at the mercy of hops and latency. For example, data may take one route with a particular number of hops, and a second later, may follow a completely different path and take a longer or shorter amount of time based on the connection.

In terms of securing the transport, some companies rely on point-to-point VPN connections using a hardware or software solution or some combination of the two. However, these solutions are also constrained by the connection and have limited speeds.

There are some scenarios or use cases that warrant using dedicated private networking to join geographically dispersed clouds. This is where GoGrid’s CloudLink service comes into play.

GoGrid’s CloudLink is a data center interconnect product—a redundant 10 Gbps pipe that is isolated to GoGrid traffic only. CloudLink enables private network traffic between different servers in GoGrid’s US data centers. As part of our “Complex Infrastructure Made Easy” mission, we designed this service to be basic yet powerful and still meet the needs of demanding organizations. Because this is a private network, much like the private network within GoGrid’s standard cloud infrastructure, there are no bandwidth costs. You simply decide on the connection speed (10 Mbps, 100 Mbps, or 1 Gbps), configure your connection, and pay for just the dedicated connection.

Software Defined Networking on the Edge

Thursday, March 14th, 2013 by

One of the recent trends in technology is the movement toward software-defined networks (SDN). With SDN, networking is no longer tied to a specific proprietary device but rather integrated via software. GoGrid has adopted this software-defined networking architecture for its new product offerings, starting with Dynamic Load Balancers and now with our new Firewall Service.

SDN typically means that the control plane is separated from the forwarding plane and is centralized. This setup is easier to manage and enables a more distributed system. In addition, management of the network is typically programmatic with SDN. In GoGrid’s architecture, for example, management is centralized while the activities are distributed. This design allows for greater resiliency and self-healing capabilities, meaning there’s always a way to return a failed distributed node to its previously stable state. We also enable access to these services via our management console and a public RESTful API.

Although most people think of SDN as it applies to the core (switches and routers), GoGrid’s strategy has been to start at the edge and then work toward the core. Dynamic Load Balancers and the Firewall Service are considered to be on the network edge. However, other services closer to the core, such as Private Network Automation (PNA), have adopted this architecture as well. Details about the Dynamic Load Balancer are explained in this previous blog post.

Firewall Service

GoGrid is introducing a new Firewall Service designed to be self-healing and available to all customers in all our data centers. Customers can deploy this service through the management console or API. Having a Firewall Service available to all our customers is an important step in further securing infrastructure in the cloud. Although GoGrid has secured its data centers and has built-in security measures to protect our customers’ infrastructure, our customers want greater granular control of port access for their individual servers. Our new Firewall Service is designed to meet and exceed those needs by making it easy to set up security wherever Cloud Servers are located.

This service comes with several key features:

Public sector makes cloud infrastructure moves

Tuesday, February 5th, 2013 by

The rapidly evolving cloud infrastructure market is providing organizations around the world with new opportunities to improve operations through innovation. These capabilities are not limited to the private sector, as government agencies and other public sector bodies will also begin to implement cloud services to enhance the way tasks are carried out.

Public sector makes cloud infrastructure moves


A recent report by Gartner highlighted how the growing public cloud industry is changing how the government consumes security solutions because many of these will be hosted in cloud-based environments in the coming years. Furthermore, the ongoing adoption of various cloud computing services is forcing the public sector to prioritize the protection of its virtual infrastructure. As a result, the cloud will be incorporated into national infrastructure regulations by 2016, requiring decision-makers to implement advanced security tools.

“The popularity and increased adoption of cloud-based security services, albeit at different degrees, will influence the shape of future security marketplaces,” said Ruggero Contu, research director at Gartner. “Deployments of virtualization, and its replacing of traditional physical hardware platforms, are expected to impact the deployment model of future network security capabilities, which are expected to be based increasingly on virtual security appliances.”

Security’s future may rest in the clouds
Gartner analysts forecast growth rates for cloud-based security solutions to outpace premise-based offerings within the next three years because 10 percent of overall IT security applications will be delivered via the cloud by 2015. While this trend is likely to occur around the world, Gartner predicts North America will account for the majority of spending.

A separate report by Trend Micro highlighted similar findings, noting that the cloud security software market is forecast to expand at a compound annual growth rate of more than 41 percent through 2014, eventually generating more than $963 million in revenue.


How to Recover from a Linux Security Breach – Recovery & Hardening (Part 2)

Tuesday, January 29th, 2013 by

This is Part 2 of a GoGrid security blog series on identifying and recovering from a Linux security breach. Part 1 provided general guidelines for conducting a security analysis on a compromised Linux server and forming strategic teams to address and resolve the breach.

In this article, we’ll review some recommended steps for recovering from a breach.

Recovering from the Breach

Lock the doors

Now that you’ve confirmed that there are no intruders logged in and you’ve identified the established connections, it’s time to “lock the doors.” How you lock the doors largely depends on who is managing your firewall. If GoGrid manages your firewall, contact us; if you manage it yourself, perform the following actions:

  • Modify your system’s iptables configuration to restrict all remote console connections, such as SSH, to your office network.
  • Modify your system’s iptables configuration to block all previously identified suspicious connections to and from your system.
  • Modify your system’s iptables configuration to block all other services from the public Internet to your server. Doing so will effectively bring down your website or services, but you want to avoid compromising your customers or website visitors.

Install and run a rootkit analyzer


How to Recover from a Linux Security Breach – Forensics, Analysis, & Building Teams (Part 1)

Monday, January 28th, 2013 by

This 2-part GoGrid security blog series provides general guidelines for conducting a security analysis on a compromised Linux server and for recovering from a breach. Before you begin the security analysis, you need to consider two important factors:

1. The type of data your compromised server is storing or transmitting
2. How important the server’s function is to your business

The data type—Personally Identifiable Information (PII) or Protected Health Information (PHI), for example—is important because your organization could be legally required to notify external parties and local or federal government agencies in the event of a breach. The compromised server’s function is important because its criticality may drive the recovery timeline.

You also may want to consider engaging a third party that specializes in security forensics.

This series will cover 3 important items:

1) Understanding & assessing the breach
2) Setting up forensics & recovery teams
3) Recovering from the breach

Although this series won’t replace what a competent security firm can accomplish, it does provide an overview of some core processes, procedures, and activities you can do to potentially recover from a breach. And because each incident varies based on your computer system, be sure to conduct additional analysis and consult with experts to double-check your breach identification and resolution plan.