Cloud Security

Argsystems LLC. implements best practices for maintaining the integrity, confidentiality and availability of your data while in a Cloud Computing environment. By integrating advanced infrastructure security tools with proven security management practices, your organization can respond to business and regulatory challenges with confidence. Whether for a private or public Cloud operating environment, our professional services will develop appropriate security controls and management practices as well as undertake the actual deployment of robust security applications.
Cloud Computing and its underlying virtualization technology can present challenges to an organization’s information protection posture. We have found that applying risk management principles and security management activities to the virtualization layer can instead provide tremendous opportunities to enhance availability, integrity and confidentiality for cloud-delivered services.

General guidelines for managing security in a virtualized environment
1. The need to secure O/S virtual machines
-conducting risk management and impact assessment to detect weak controls, providing and documenting assumptions regarding eventual compensating controls.
-applying timely and regular software security patches and updates to the virtualization and application layers
-restrict privileged access to, and disable, unneeded services
-establish physical security
-use a secure configuration baseline, anti-virus, anti-malware and host-based firewall
2. Adding value to your cloud security by selecting a host-based virtualization solution:
Virtual networking: advanced networking features can be deployed virtually (without need for a physical medium), making it ideal for packet filtering, network bridging, NAT, VLAN
3. Introspection
Introspection is the concept of using a virtual machine to carry out security monitoring functions at the host level:
-deploy IDS and IPS on virtual machines to monitor security events
-provide mechanisms to isolate other virtual machines from access to hardware or privileged status (sandbox)
-prevent or detect guest OS escape
-monitor virtual machines for security
-use secure remote access to maintain confidentiality (SSH, VPN, SSL, authentication)

Factors in the design and operation
Image management:
-testing and validation of security configuration of virtual images
-file integrity checking & auditing tools for images
-virtual images must be scanned for rootkits and malware
Managing the infrastructure
Using risk management practices throughout the information system lifecycle
Implementation phase:
-physical to virtual
-introspection
-authentication
-connectivity
-networking
-management
-performance
-secure implementation
Operation & Maintenance:
-administration
-staying current
-access control
-logging
-time synchronization
Furthermore, in a dynamically changing environment, we rely on the evolving industry best practices advocated by the Cloud Security Alliance and NIST.