The Hostway Blog

Managing Security in Hosted and Cloud Environments

With ever-increasing reports of data breaches and hacker activity, you need to protect yourself from the sophisticated and varied threats to your business. Whether it’s data security, availability, or your reputation on the line, the stakes are high. But the landscape of security solutions is complicated and fast-moving. What technologies do you need? How do you manage them? It can be a confusing process.

Here at Alert Logic, hosting and cloud security are our major focus. We work with top providers like Hostway to understand the unique needs of forward-looking companies that are taking advantage of these models, and the requirements for providing enterprise-class security. While there aren't simple answers, there are practices that will help you make the right decisions about security in your hosted and cloud infrastructure. Let's take a look at one of them: identifying the most relevant threats to your defenses.

Because we have the largest base of customers securing infrastructure with hosting service providers, we see the threats they face, and we regularly analyze this data for our State of Cloud Security Report series. The latest report just came out this spring, and contains important insights for you as you develop your security strategies.

Looking at six months of real-world threat data for customers in enterprise data centers, managed hosting environments, and the cloud, produced these key findings:

  • Web application attacks are the most common threat for hosted environments, pointing to the importance of good coding and active defenses against SQL injection, cross-site scripting, and other typical exploits.
  • Malware is a big problem in enterprise data centers… but much less common in cloud and hosted environments.
  • Brute force attacks are an unsophisticated but effective tool, remaining common in all environments.

The infographic below provides a visualization of some of the report results; you can download the full report at http://www.alertlogic.com/csr.

Alert Logic State of Cloud Security Infographic, Spring 2013

One of the really interesting findings – and one that we've seen consistently over several years of data – is that overall, cloud and hosted customers were less likely to experience security incidents than enterprise data center environments. That's not what most people expect, but our data identifies this is a benefit of the great management and operational excellence that a provider like Hostway offers.

As you would expect, this data has a big impact on our own product development plans, and Alert Logic works with providers like Hostway to provide services and technology that address the most important threats:

  • Alert Logic Threat Manager – managed intrusion detection and vulnerability scans.
  • Alert Logic Log Manager – cloud log management that collects and normalizes all your log data, presents it in a slick web interface, and stores all data for a year (or more if you need it).
  • Alert Logic Web Security Manager – a managed web application firewall that blocks web application attacks – one of the most common and dangerous sets of exploits.

All of our solutions are designed for hosted and cloud environments, and we provide 24x7 monitoring and response so that they provide real security outcomes – not just data. Our Security Operations Center, tightly integrated with Hostway's operations, identifies real threats and helps you respond and protect your data.

This tight integration with your hosting provider is a unique model – and as more infrastructure moves to virtualized environments, we believe it will be the standard for securing critical infrastructure and applications. Just as Hostway represents the future of IT infrastructure, Alert Logic's security-as-a-service is there to provide integrated security services.

About the author: John Whiteside is Manager of Product Marketing at Alert Logic