Hybrid cloud is an architectural deployment concept for achieving flexibility and cost savings. Keeping control of business-critical information while leveraging cloud solutions is a challenge. Information exchange in the hybrid cloud must comply with the organisation’s information policies. ZoneGuard provides excellent protection by enforcing security requirements on all information exchanges.
Trusting the border between public and private
When using a hybrid cloud, the business-critical information must be safeguarded. Information exchange between the public and private cloud shall be under the full control of the organisation’s information security personnel and follow their information policy.
Full supervision of the information secures business-critical information
By introducing ZoneGuard, which enforces the organisational information policy on the information flow with full supervision, the business-critical information can be protected by:
- Allowing only validated requests, messages and information sets to be transferred.
- Limiting the permitted interfacing methods on both the network layer and the application layer.
- Enabling attributes or labels on the information to control the validity of information transfer.
Examples of ZoneGuard scenarios for hybrid cloud include:
- Protecting from data leakage and securing information exchange between operational and strategic business areas.
- Enabling workload processing outside the private cloud through anonymisation or normalisation of the data.
- Enabling critical infrastructure organisations to use the cloud for business operations while protecting critical ICS assets.
ZoneGuard supports SOAP and REST over HTTP and HTTPS. HTTPS connections support client certificates.
A service in the private cloud connects to an HTTP(S) server located inside the ZoneGuard. ZoneGuard terminates the protocol and extracts header and payload information, as well as certificate parameters if available, from the stream. If the SOAP protocol is used, an XSD validates the XML structure. The extracted information is forwarded by ZoneGuard if an information policy is fulfilled.
Custom filters can be designed using Python syntax. The validated and filtered information is sent from an HTTP(S) client inside the ZoneGuard to a receiving service in the public cloud. If necessary, anonymisation or normalisation of the information is handled prior to the validation of information. The validation ensures that the processed information fulfils the organisation’s information policy.
The reverse direction, where the request originates from the public cloud and the private cloud acts as a server, is also supported using parallel services. Parallel services through the ZoneGuard may exist by defining multiple information paths.
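The private-to-public flow described above (extract, anonymise, validate against policy, then forward or drop), sketched as an added Python example. It is not ZoneGuard's filter API or vendor code; the request dictionary, `POLICY`, the field names, labels and certificate subject are constructed assumptions.

```python
import hashlib
import hmac
import json

POLICY = {  # hypothetical policy for one private-to-public path (constructed values)
    "methods": {"POST"},                          # permitted application-layer methods
    "paths": {"/api/v1/workload"},                # permitted interface
    "cert_subjects": {"CN=erp.private.example"},  # accepted client-certificate subjects
    "labels": {"PUBLIC", "INTERNAL"},             # labels allowed to leave the private cloud
    "fields": {"label", "order_id", "customer", "amount"},  # exact payload field set
}
PSEUDONYM_KEY = b"constructed-demo-key"  # placeholder; a real key stays in the private zone

def anonymise(payload):
    """Replace the customer identifier with a keyed pseudonym (HMAC-SHA256)."""
    out = dict(payload)
    if "customer" in out:
        mac = hmac.new(PSEUDONYM_KEY, str(out["customer"]).encode(), hashlib.sha256)
        out["customer"] = "anon-" + mac.hexdigest()[:16]
    return out

def validate(method, path, cert_subject, payload):
    """Return the list of policy violations; an empty list means the message may pass."""
    errors = []
    if method not in POLICY["methods"]:
        errors.append("method not permitted")
    if path not in POLICY["paths"]:
        errors.append("path not permitted")
    if cert_subject not in POLICY["cert_subjects"]:
        errors.append("client certificate not accepted")
    if set(payload) != POLICY["fields"]:
        errors.append("unexpected or missing fields")
    if not isinstance(payload.get("label"), str) or payload["label"] not in POLICY["labels"]:
        errors.append("label not cleared for transfer")
    if not str(payload.get("customer", "")).startswith("anon-"):
        errors.append("customer not anonymised")
    return errors

def process(request):
    """Parse, anonymise, then validate the processed message; forward or drop."""
    try:
        payload = json.loads(request["body"])
    except ValueError:
        return "drop", ["malformed JSON"]
    if not isinstance(payload, dict):
        return "drop", ["payload is not an object"]
    payload = anonymise(payload)
    errors = validate(request["method"], request["path"], request.get("cert_subject"), payload)
    return ("drop", errors) if errors else ("forward", payload)
```

Validation runs on the anonymised message, so a payload that bypassed the anonymisation step would be dropped rather than forwarded.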
Mitigated threats and validation of information
By using ZoneGuard in the hybrid cloud case, the information flow is controlled by a policy defined by the person responsible for system security or by the IT security department. Threats towards the system are effectively mitigated at the cross-domain point by ZoneGuard’s validation and filtering of all information.
ZoneGuard offers a custom-fitted yet simple information policy-based solution, empowering organisations that need to enable secure, precise information exchange between varying security domains.