Practical Methods for Securing the Cloud
By Dr. Edward Amoroso, SVP & Chief Security Officer, AT&T
In this 2014 IEEE whitepaper, Dr. Edward Amoroso describes a set of practical cloud security methods that, when combined, allow an organization to meet or exceed the existing security capabilities offered by its enterprise perimeter.
One of the methods described is runtime security virtualization. The author states:
“The most innovative security solution in the cloud ecosystem involves the dynamic creation of runtime security virtualization.
With runtime security virtualization, different assets that reside together in the same cloud can be associated with different security protections. Because providers can customize security, an object with a low security risk might have light functional protections, whereas another object with high risk might include multiple, more intense security functions. Catbird provides a cloud security platform that includes virtual machine appliances that allow for customization of protection across different assets.”
Catbird allows you to group objects or assets with a similar security profile into so-called Catbird TrustZones. For each Catbird TrustZone, a set of security policies, such as a firewall rule set, an IDPS policy and a vulnerability scanning policy, can be defined. These policies are then automatically enforced on all assets that are part of that Catbird TrustZone. This method of wrapping security policies around workloads or applications is also known as micro-segmentation. More information on the benefits of micro-segmentation and how Catbird enables micro-segmentation can be found here.
Background on the author:
Dr. Edward G. Amoroso serves as Senior Vice President and Chief Security Officer for AT&T Services, Inc. Most recently, he has championed AT&T's network-based security strategy, centered around emerging in-the-cloud protection services such as Network-Based Firewall and DDoS Defense. He is the 1999 winner of the AT&T Labs Technology Medal for his contributions to large-scale intrusion detection and his work has been featured by the Wall Street Journal, CNBC, Network World and the New York Times.