Open Telekom Cloud for Business Customers

Safety First! New Cloud Security Services

by the editorial team
Cloud security: Host Security Service protects servers and containers

In this article you will read

  • how the Host Security Service increases the security of your workloads in the cloud,
  • which specific security functions run automatically in the background,
  • and how you can eliminate complexity, open ports, weak passwords and risky authorization settings with the help of AI.


Cloud security is a key issue when using the cloud. With the Host Security Service (HSS), the Open Telekom Cloud is introducing a new suite of security services that enables comprehensive, automated security management of complete application landscapes.

Cloud security remains a focus topic

Just a few years ago, there was still a lively debate about cloud security – some declared that clouds were insecure per se, while others pointed out that clouds can even be more secure than on-premises operation in your own data center. The truth lies somewhere in between.

Security in the cloud is different from traditional IT security. The shared responsibility concept divides the responsibility for security between the cloud provider and the cloud user. The cloud provider ensures the security of the platform, while the user ensures secure components right down to the application level.

The fact remains: anyone who surfs the web is vulnerable per se. But with professional cloud security, companies can easily defend themselves. To support users in this, many cloud providers offer suitable security services, including comprehensive security suites.

More vulnerabilities means more effort for security management

The problem with cloud security is that many applications and environments in the cloud are highly dynamic. They are subject to constant change. Server configurations and basic settings, for example, change constantly, and this is a source of security vulnerabilities. In 2022, internet users worldwide discovered over 25,000 new IT security vulnerabilities (Common Vulnerabilities and Exposures, CVEs), the highest annual number reported to date. Given the developments, it is hard to imagine that the number will have fallen by 2024.

Along with the many vulnerabilities, the number of patches for security gaps is also rapidly increasing. Managing patches is often a headache for operational staff (especially in larger landscapes). How do you deal with too many processes, complex open ports, weak passwords and risky authorization settings? Those responsible simply cannot avoid intelligent security services once cloud workloads reach a certain size. These must automatically maintain a high level of security in the background.

Host Security Service (HSS)

With the HSS, the Open Telekom Cloud is introducing a new type of security service for the management of cloud servers and containers. HSS uses artificial intelligence (AI), machine learning, user and entity behavior analytics (UEBA), and more to quantify and analyze threats.

The following basic functionalities are included in HSS:

  • A central security dashboard that provides a security score, reports events, and shows recommendations for action
  • Asset management manages servers, containers and images, and groups the assets
  • The baseline check detects insecure basic settings, e.g., weak passwords
  • Vulnerability management identifies weaknesses in the operating system, images, and web content management system and helps to rectify them
  • Intrusion Detection identifies complex threats (e.g., unauthorized privilege escalation, unauthorized access) and responds by blocking IP addresses, for example
  • Security Response creates alarms and produces security reports and security notifications: The notifications are sent via Simple Message Notification (SMN) and can reach users via email or text message, for example
  • If malicious software is found on the servers, it is automatically isolated and deleted (a kind of advanced anti-virus functionality). Ransomware prevention creates copies of the content at regular intervals and allows it to be restored even in the event of a successful attack
  • Unified multi-cloud gives users the option of extending security management to the operation of servers and containers in other clouds as well
  • Multi-factor authentication (MFA) increases account security for resource access

The premium version offers additional functionalities. It includes Asset Fingerprints, Ransomware Prevention, Application Protection, File Integrity Monitoring, and advanced Intrusion Detection (Port Scan, Host Scan & Suspicious Task Scan). HSS also offers additional packages for container security and web page tamper protection. These also protect users against account cracking, key file manipulation and website backdoors.

HSS is used via the console or API. To use the functionality of HSS, an agent is installed on each server or container. This agent monitors the security of the respective resource. The agent delivers its findings to a central, customer-specific dashboard, from which it also generates reports. HSS is operated natively on the Open Telekom Cloud; all data remains within the Open Telekom Cloud – meaning it also meets all data protection compliance requirements.

