By Paul Moxon, Senior Director, Product & Solutions Marketing
Cloud applications are just as apt to fail as on-premise applications, a painful lesson Amazon Web Services users like Netflix, Pinterest, and Instagram learned this year — and users like reddit, TMZ, and Heroku learned as recently as October 23 — after service outages involving Amazon’s Northern Virginia data center shut down its users’ offerings for hours.
Taking the following measures in advance can help minimize the impact of such an outage on your organization:
Fully implement cloud-vendor security instruments
On premise, your IT department can exercise complete control over your firewalls and router configuration, and use multi-layered security zones to protect internal applications.
But when you run IT applications in the cloud, this level of control doesn’t exist.
Fortunately, cloud-application hosts do provide instruments that will allow your IT department to recreate the type of security zone isolation you enjoy on premise, but you have to make sure those instruments are in place and fully leveraged.
Amazon’s Elastic Compute Cloud (EC2), for example, offers a feature called “Security Groups.” A security group acts as a firewall for a set of Amazon Machine Images (AMIs) – virtual application software used to create a virtual machine within EC2 – and allows you to define rules that control the traffic that can access instances assigned to the security group. An instrument like this gives your IT department several advantages when safeguarding against an unexpected outage, including the ability to:
• Create a DMZ/firewall-like configuration despite having no control over the cloud’s physical routers.
• Isolate and protect the different layers of your application stack.
• Provide security against unauthorized access and data loss.
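The layer isolation described above can be checked mechanically. The following is an added example, not code from the original article or from Amazon: it models three security groups as constructed sample data (the group names, ports and policy are assumptions) and flags every ingress rule that lets a tier accept traffic from a source its policy does not allow.

```python
import ipaddress

# Constructed sample: ingress rules for a web/app/db stack.
# Each rule is (port, source); a source is a CIDR or another group's name,
# which is how a security group can admit traffic from one tier only.
GROUPS = {
    "web-sg": [(443, "0.0.0.0/0")],                     # DMZ tier, public by design
    "app-sg": [(8080, "web-sg")],                       # reachable from web tier only
    "db-sg":  [(5432, "app-sg"), (5432, "0.0.0.0/0")],  # second rule breaks isolation
}

# Assumed policy: the only origins each tier is meant to accept.
POLICY = {
    "web-sg": {"internet"},
    "app-sg": {"web-sg"},
    "db-sg":  {"app-sg"},
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(source, groups):
    """Return the group name, the private CIDR as written, or 'internet'."""
    if source in groups:
        return source
    net = ipaddress.ip_network(source)
    private = net.version == 4 and any(net.subnet_of(p) for p in RFC1918)
    return source if private else "internet"


def audit(groups, policy):
    """List (group, port, source) for every rule the policy does not allow."""
    findings = []
    for name, rules in groups.items():
        allowed = policy.get(name, set())  # no policy entry means deny all
        for port, source in rules:
            if classify(source, groups) not in allowed:
                findings.append((name, port, source))
    return findings


if __name__ == "__main__":
    for group, port, source in audit(GROUPS, POLICY):
        print(f"{group}: port {port} open to {source}, outside tier policy")
```
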