Issue link: https://cp.revolio.com/i/359333
18 | THE DATA CENTER JOURNAL www.datacenterjournal.com To combat this situation, companies must implement a multi-tiered, multi-lay- ered approach to cloud security. Because a DDoS attack can affect anyone at any time, investing in a proven security product that protects your IP address is a must. At Windstream, we've partnered with industry-leading providers of advanced end-point, network and data center secu- rity services. Our security-solutions provider partners protect a customer's IP address by redirecting the spyware to its scrub- bing center. Essentially, the service absorbs the DDoS attack and serves valid traffic to the client's servers. Without DDoS- level protection, customers are extremely vulnerable to these types of attacks—and subsequent blackholing of the IP address under attack. A FOUR-TIERED NETWORK SECURITY SYSTEM As security breaches become more sophisticated, cloud security becomes more complex. We advocate the benefits of a four-tiered network security system: DDoS mitigation services. As noted above, DDoS mitigation through detection and prevention is an essential first level of defense against malicious attacks. A CSP should consider DDoS mitigation to be a fundamental tool in its security arsenal. Managed firewall services. A robust firewall is the second level of protection for cloud security. With a managed-firewall option, your firewall is managed by secu- rity experts who configure, install, manage, monitor and maintain network security. Additionally, firewalls can provide greater protection with the use of tokens, personal identification numbers (PINs) and pass- words with a multi-factor authentication option. Intrusion-detection services. e next level of protection is based around intrusion-detection services. If something has infiltrated your system through an open firewall port, intrusion-detection services can locate the breach and protect the network behind the firewall. Because the firewall provides a passive barrier, in- trusion detection is an aggressive third-tier level of protection against invasion. Web-application firewall. e fourth level of protection is the web-application firewall, which sits on the server itself. A web-application firewall monitors traffic to and from an application, filtering and blocking suspicious traffic. By implementing a four-tiered sys- tem, cloud customers can expect high-level network security for their data. Who Is Responsible for Protecting My Data? When it comes to data protection, both CSPs and cloud customers have responsibilities. A CSP should be prepared to provide physical security, network security and data privacy. Clients still have to protect data with encryption, patching, operating-system (OS) hardening and secure code deployments. Physical security. CSPs are responsi- ble for maintaining on-site security, includ- ing staffed security checkpoints, electronic and/or biometric access mechanisms, and emergency procedures for natural disasters. Network security. CSPs are also re- sponsible for maintaining a secure network environment for data and other traffic. ey provide optional perimeter firewalls, intrusion-detection systems, network monitoring and DDoS protection—all to ensure the highest degree of network defense. Companies providing the network that feeds their data centers are uniquely positioned to offer full-scale, end-to-end protection for cloud customers. Data privacy. Data-privacy respon- sibility falls on both the CSP and the cus- tomer. CSPs offer support for encryption of data and secure channels for data transfer and data backup. In addition to cloud service provid- ers, cloud customers have a strong part to play in cloud security. Similar to the security practices in place with their own on-premises data centers, cloud custom- ers need to follow basic security protocols such as establishing strong passwords and updating them periodically. Customers should also take advantage of the security measures offered by the cloud service provider, including the four-tier network services that are integral to data protection. SELECTING A CLOUD SERVICE PROVIDER Exploits occur so frequently through known, trusted ports that without four lev- els of network security—at a minimum— your data is vulnerable. Additionally, an in- house team that can provide forensic-level support is essential. is team conducts a forensic analysis to determine how the breach occurred and what damage exists: How was the packet infiltrated? What other servers did the virus talk to? Is there now a virus sitting on the server? When selecting a cloud service provider, it is important to find a company that proactively conducts forensic analyses on security breaches and researches poten- tial exploits before they happen. A security operations center is equipped with experts who spend the time understanding exploits to better protect your data—because, un- fortunately, breaches are inevitable. So how do you identify the best CSP for your important data? First, look at what security options the provider has to offer. To ensure the right fit, it is critical that the provider offer reliable security in the core IT environment in a man- ner that is compatible with your security requirements. CSPs should also allow you to manage elements of your own security and customize your service to meet your unique security needs. is is important for meeting regulatory compliance and security requirements that may be specific to your field or industry. Managed security services are an offering that can provide flexibility and customization to your security needs. Because the provider regularly and rigor- ously tests its security measures, managed security services are an effective—and lower-cost—alternative. Although it can be daunting to con- sider storing important data in a public, private or hybrid cloud environment, with a trusted and proven advisor as your CSP and the right level of security, the cloud can be a great alternative. Your CSP should work with you to ensure a shared respon- sibility for your data security at the level your organization desires. n About the Author: Rob Carter is director of data center and cloud marketing at Windstream. He is responsible for the planning and development of data center, managed services and cloud-computing product lines. Carter works closely with Windstream's customers and partners to ensure personalized service and enterprise-class products are the standard. Carter is a veteran of the United States Air Force and is currently attending Colorado State University.