Cloud Security
A Layered Approach to Securing the Cloud: Defense in Depth
As enterprise networking technology has evolved, so too has enterprise security
By: John Rowell
Sep. 27, 2011 07:15 AM
As enterprise networking technology has evolved, so too has enterprise security. What began simply as setting up a perimeter around the network with fairly basic tools such as firewalls and email gateways has grown to include virtual private networks (VPNs), virtual local area network (VLAN) segmentation, authentication, and intrusion detection systems (IDS), all necessary to handle the consistently growing number of threats to the corporate network.

For most IT groups, the idea of re-creating a robust enterprise security model in the cloud has been a daunting proposition. Although the cost and scalability benefits of the cloud are appealing, the perceived lack of security and control has kept organizations from taking the plunge.

The answer lies in maintaining a layered approach, or “defense in depth,” to enterprise-class security. A public cloud provider should not force an enterprise to migrate sensitive data into an environment that simply bolts security on top, seemingly as an afterthought. That old perimeter-only model has already left the data center, yet it is exactly what typical public cloud providers offer today. Enterprises demand finer-grained control of the network, and an integrated approach that considers networking and security together can provide it.

A defense-in-depth model should include IDS, firewalls, network segmentation, authentication, VPNs, reporting, and response, so that the layers are redundant and a failure in any one of them does not expose the whole environment. First and foremost, layered security lets enterprise IT replicate the level of control it has in its own in-house environment, extending its user access controls and network permissions into the cloud. Furthermore, IT should be able to use familiar interfaces, so that it can change its security configuration on the fly.
Another critical factor in keeping data secure is to separate the web, application and data tiers into different network segments using VLANs and firewalls. This kind of segmentation lets IT secure data by network segment rather than relying on a host-based firewall alone, and it also lets each tier be load balanced and scaled independently.

For one OpSource client that decided to leverage the cloud, Aerohive Networks, security was a top priority when the company moved its HiveManager network management solution to a cloud-based model. The company wanted to assure its customers that they would have the same level of security and control they had with an on-premise installation of HiveManager. Once the network management service was moved to the cloud, the company was able to offer enterprises all the features and functionality of a behind-the-firewall network management system without the cost and operational headaches of a dedicated on-site system.

To secure HiveManager in the cloud, only the necessary protocols are enabled. Customer access is over SSL, with application-level authentication and privilege authorization on top. Within the public cloud data center, the cloud-enabled networking application is multi-tenant, which allows Aerohive to segregate access by customer, and likewise the access of cloud operations personnel. Aerohive has also found that physical security is often better than at on-premise installations, with SAS 70 Type II audited operations. And finally, if managed services are used, a unique advantage is that third-party access directly into the corporate network is no longer required, only secure access to the cloud-hosted management portal.

The public cloud offers enticing cost and scalability benefits, but until recently the potential hazards have eclipsed them.
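The tier separation and “only the necessary protocols” points above can be checked before a single firewall rule is deployed. The following is an added example, not code from OpSource or Aerohive: it models the inter-VLAN policy as an ordered, default-deny rule list, evaluates individual flows, computes the blast radius of each tier, and audits the policy for the defense-in-depth invariants the article calls for. The segment names, CIDRs and port numbers are assumptions chosen for illustration, and the “flat” policy is a constructed contrast showing what a host-firewall-only design looks like when audited the same way.

```python
"""Three-tier VLAN/firewall segmentation model (constructed example).

Not OpSource/Aerohive code. Segment ranges and ports are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

# Assumed VLANs, one per tier, plus a management VLAN (hypothetical ranges).
SEGMENTS: Dict[str, object] = {
    "web":  ip_network("10.10.1.0/24"),
    "app":  ip_network("10.10.2.0/24"),
    "data": ip_network("10.10.3.0/24"),
    "mgmt": ip_network("10.10.9.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src: str             # source segment name, or "internet"
    dst: str             # destination segment name
    proto: str           # "tcp" or "udp"
    port: Optional[int]  # None means any destination port
    action: str          # "allow" or "deny"


# Inter-VLAN policy: first match wins, anything unmatched is denied.
# Each tier only gets the protocol it actually needs, so the data tier is
# never directly reachable from the internet or from the web tier.
SEGMENTED_POLICY: List[Rule] = [
    Rule("internet", "web", "tcp", 443, "allow"),   # customers over SSL only
    Rule("web", "app", "tcp", 8443, "allow"),       # web tier -> app tier API
    Rule("app", "data", "tcp", 5432, "allow"),      # app tier -> database
    Rule("mgmt", "web", "tcp", 22, "allow"),        # operations access via SSH
    Rule("mgmt", "app", "tcp", 22, "allow"),
    Rule("mgmt", "data", "tcp", 22, "allow"),
]

# Constructed contrast: a flat network where nothing between the tiers
# filters traffic, so a compromised web host can talk to the database.
FLAT_POLICY: List[Rule] = [
    Rule("internet", "web", "tcp", 443, "allow"),
    Rule("web", "app", "tcp", None, "allow"),
    Rule("web", "data", "tcp", None, "allow"),
    Rule("app", "data", "tcp", None, "allow"),
]


def segment_of(ip: str, segments=SEGMENTS) -> str:
    """Map an address to its VLAN; anything outside all VLANs is 'internet'."""
    addr = ip_address(ip)
    for name, net in segments.items():
        if addr in net:
            return name
    return "internet"


def evaluate(policy: List[Rule], src: str, dst: str, proto: str, port: int) -> str:
    """First-match evaluation of a flow between two segments, default deny."""
    for r in policy:
        if (r.src, r.dst, r.proto) == (src, dst, proto) and r.port in (None, port):
            return r.action
    return "deny"


def evaluate_ips(policy: List[Rule], src_ip: str, dst_ip: str,
                 proto: str, port: int, segments=SEGMENTS) -> str:
    return evaluate(policy, segment_of(src_ip, segments),
                    segment_of(dst_ip, segments), proto, port)


def reachable_from(policy: List[Rule], src: str) -> Set[Tuple[str, str, Optional[int]]]:
    """Blast radius of one compromised segment: every (dst, proto, port) it
    can reach. Honors first-match order, so an allow hidden behind an
    earlier deny does not count."""
    hits = set()
    for i, r in enumerate(policy):
        if r.src != src or r.action != "allow":
            continue
        shadowed = any(p.src == src and p.dst == r.dst and p.proto == r.proto
                       and p.port in (None, r.port) for p in policy[:i])
        if not shadowed:
            hits.add((r.dst, r.proto, r.port))
    return hits


def _port(port: Optional[int]) -> str:
    return "any" if port is None else str(port)


def audit(policy: List[Rule]) -> List[str]:
    """Check the layered-security invariants: only the web tier faces the
    internet, nothing reaches the data tier except the app tier, and no
    allow rule opens a whole segment instead of a specific service."""
    findings = []
    for dst, proto, port in reachable_from(policy, "internet"):
        if dst != "web":
            findings.append(f"internet can reach {dst} on {proto}/{_port(port)}")
    for src in ("internet", "web"):
        for dst, proto, port in reachable_from(policy, src):
            if dst == "data":
                findings.append(f"{src} reaches data tier directly on {proto}/{_port(port)}")
    for r in policy:
        if r.action == "allow" and r.port is None:
            findings.append(f"{r.src}->{r.dst}: all {r.proto} ports open, not just the needed one")
    return findings


if __name__ == "__main__":
    for name, pol in (("segmented", SEGMENTED_POLICY), ("flat", FLAT_POLICY)):
        print(name, "findings:", audit(pol) or "none")
    print("web host -> db:", evaluate_ips(SEGMENTED_POLICY, "10.10.1.5", "10.10.3.5", "tcp", 5432))
```

Running it shows the segmented policy with no findings and the flat one with four, including the direct web-to-data path; the same `audit` can be pointed at an exported rule set from a real inter-VLAN firewall once it is translated into `Rule` entries.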
Enterprises handling sensitive data risked major data privacy and compliance issues stemming from weak cloud security capabilities. With a reconfigured view of the public cloud, and by taking a defense-in-depth approach to security, IT can implement the proper layered security to make the cloud a true extension of the existing network.