As summer passes by and fall rolls in we can expect cloudy days to be here soon.  A similar trend is happening in the data center space as well.  It is getting “cloudy” with the creation of mega data centers in the Internet.  The explosive growth of the Internet together with advances in the compute space such as virtualization technologies is making it very attractive to build large data centers that could be shared by multiple tenants. From the users’ vantage point, it is attractive to move their data centers to the cloud as it reduces the overhead of maintaining and operating them and also provides them an easy way to scale or shrink the resources needed in a dynamic fashion. Not so fast, an important aspect that needs to be considered in this transition is securing the traffic that flows in and out of these data centers.

This is the introductory blog of a series where I plan to address the topic of Cloud Data Center security.  There are many challenges that confront a cloud service provider in providing security for the traffic traversing the data center. The challenges can be viewed as the requirements for a security platform to be successfully deployed in the cloud data centers.

• Performance Scaling – Server virtualization technology has provided the ability to create and destroy virtual machines in an efficient way. This has been leveraged in the design of the cloud data centers. The security platform used to secure these virtual servers should be capable of scaling the performance in a dynamic way to provide the elasticity that is inherent to cloud data centers.
  
• Service Integration – The nature of applications that are hosted in a data center can vary widely and so are the security requirements. The data center security platform should be capable of efficiently providing a variety of security and traffic management services required by the applications hosted in the data center.
  
• High Availability and Reliability – the cloud data center is an “always on” service just like any other utility service. The security platform must support that paradigm. Cloud data centers are also very dynamic as they support mobility of virtual machines. The security platform should be able to adapt to this movement and effectively deliver the service.
  
• Multi-tenancy – It is a given that the cloud data center will cater to multiple customers with varying needs. The security platform should support partitioning to logical systems for multiple tenants. Each partition should behave identical to a physical counterpart.

• Service Provisioning - One of the main differentiators of the cloud data center is the dynamic provisioning of resources. Similar to the server, network and storage resources any other services needed for the tenant should be provisioned in an automated fashion. This is an important requirement for a security services platform as well.

It would be great to get your feedback on these requirements and suggestions for any additions. In the upcoming blogs, I intend to explore some of these challenges in more detail. Until then let us hope for more sunny days!