This document discusses best practices for securing working environments in virtualized and cloud computing settings. It argues that traditional network-based security solutions are no longer sufficient, as more applications and databases are deployed within virtual machines and across dynamic cloud infrastructures. The document advocates for next-generation, distributed host-based security solutions that can provide visibility and protection at the application and database layer without compromising performance or system stability.

1. Best Practices to Secure Working Environments Mohammed Almulla Kuwait University

2. Executive Summary Recent changes in computing architecture from dedicated servers in datacenters to virtualization and Cloud Computing suggest that we rethink our IT security methodologies. The focus is on database security, as well as on securing most enterprise applications.

3. Table of Contents Limitations of existing database security approaches. Security considerations when deploying virtualization. How distributed monitoring best fits virtual and Cloud Computing environments.

4. Securing Information in Virtualization Many enterprises future plan is to move some applications to Cloud Computing. How does this affect their IT security methodologies?

5. Recent Requirements Working environments are centered around two major technological requirements: Very High Performance Networks (VHPN) Complex applications.

6. Market Response To meet these requirements, security companies introduced a range of network appliances. Network Appliances: machines positioned somewhere in the network, to inspect the traffic for either protocol violations, malicious code, viruses malware or spams.

8. Winning the Battle In this era, solutions that depend on host-based software are neglected. Network-based IDS and IPS won the battle against host-based solutions. The concept of simply placing an appliance in a rack and attaching it to a switch is very attractive, especially when resources available for security are limited.

9. Recent Trend Today, many distributed applications have been leading to the adoption of host-based solutions, in conjunction with network appliances, specially when the enterprises are concerned with insider transactions.

10. Network-based Isn’t Enough The new databases are dynamically appearing in new locations. Question1: Will the network appliance approach be relevant when many transactions will not make it to the network Question2: Is the network monitoring approach efficient when the application network moves from LAN to WAN.

11. Before & After Previously, databases were not monitored or protected. Now monitoring DBs must cover local and intra-db attacks. Because of database breaches, customers are now investing time and effort in securing their databases.

12. Today’s Solutions Recently, appliance vendors have added local agents to their solutions, making many of today’s network-based solutions a hybrid of network appliance and host-based solution.

13. Solution Analysis The hybrid approach is not ideal, but as long as most applications run on the network in plain sight of the appliance, some enterprises were willing to accept the risks.

14. Disadvantages These hybrid solutions introduce complex implementation requirements such as kernel-level installation of the agent, for example, requiring reboots to the DB server. They still miss the sophisticated attacks generated from within the database itself. They also fail to address several technical challenges when implemented in either a virtual environments, or in the cloud.

16. In such a case, there is little or no network traffic as the transactions between the application and the database occur from VM-to-VM within the server.

18. Challenge #2 – The Dynamic System Environments If virtual security appliances are not ideal solutions for virtual machines, they are even less applicable in cloud-based applications, where networks are dynamic.

19. Solution The only solution that works in all environments, including Cloud environment is a solution that is based on sensors that run side by side with the database on every machine that hosts one database or more.

21. Cloud Computing prevents you from co-locating a server close to your databases – you simply won’t know where they are.

23. For Cloud Computing, make sure that the system supports wide area network (WAN) topologies.

25. The Ultimate Challenge The challenge is to create host-based solutions that do not suffer the same drawbacks that made old host-based solutions irrelevant namely: Intrusive implementations, Performance issues Quickly adapt to new and volatile environments.

26. Next-generation Solutions Next generation solutions must be lightweight, easily added to the virtual machine where needed, and installed in parallel to the first database that is installed on a machine.

27. Promoting Stability Adding a layer of security does not require changes in architecture and does not rely on the virtualization technology in use.

29. They realized that the complexity of ensuring adequate data security is an obstacle.

30. But, the movement towards these technologies is inevitable.