August 13, 2012, 4:42 PM — For OpSource-not to mention Amazon Web Services (AWS), Rackspace, Terremark and others-the answer is a layer 2 virtual LAN. In OpSource's case, customers connect to the cloud using VPN clients or site-to-site VPN terminations. This makes the public cloud an extension of the private cloud, making it a secure, hybrid cloud.
For the National Highway Traffic Safety Administration, which in 2009 had 30 days to set up and test the infrastructure for President Barack Obama's Consumer Assistance to Recycle and Save (CARS) Act, the answer was the CloudSpan CloudConnect Gateway from Layer 7 Technologies. This service let the NHTSA put its servers in the public cloud and add appropriate security controls. As a result, the program known as cash for clunkers was able to process claims and award rebates to more than 690,000 Americans who traded in old automobiles for newer, cleaner and safer ones.
VPN-enabled public clouds and additional security layers such as CloudSpan are only two of the many ways to address public cloud security concerns. Each option comes with its own pluses and minuses, with cost, complexity and performance and latency overheads among the drawbacks.
Organizations can optimize their approach to public cloud security be deciding how mission critical an application is, as well as how secure the data for that application need to be. Here are 10 more ways to strengthen public cloud security to support enterprise use.
1. Select the Right Apps for the Public Cloud.
Some businesses, including most start-up companies, begin by using the public cloud for all applications, including mission-critical apps and their data. Palo Alto, Calif.-based Pinterest, the fast-growing social media sites with 150 AWS instances and more than 400 TB of data at last count, is one such start-up with all applications on the public cloud.
News: Amazon Cloud Set Stage for Rapid Pinterest Growth
However, public clouds are not for every organization. Within an organization, they're not for every application, either. Generally speaking, the enterprise applications suitable for the public cloud aren't subject to stringent security requirements. In these cases-such as Websites, application development, testing, online product catalogs and product documentation- the default security provided by most cloud service providers (CSPs) will be more than adequate for these kinds of applications.