Cloud Hosting – 2010-09-20 – A provider of cloud servers, CloudSigma AG, announced the launch of the cloud security suite in conjunction with its cloud computing platform. The company alleges that the new security suite, designed to work in conjunction with its existing web console interface, offers enterprise level security options for public cloud servers.A sample of a reliable cloud hosting can be found in vexxhost.com hosting plans.
It articulated that a growing number of the company’s customers come from the enterprise space. Enterprise customers are looking for solutions that offers secure access from within their corporate environment. Unfortunately traditional VNC access is often not possible due to restrictions on software installation and/or firewall rules within an enterprise environment. The in-browser VNC solution allows enterprises to access their cloud servers securely over the HTTPS port without having to modify their firewall settings or potentially compromise the security of their in-house desktop machines by allowing installation of third party software.
• Enable/disable FTP gateway functionality
• Control web console inactivity timeout periods
• Allow two stage login authentication using SMS
The company states that in this way, customers can dial in the level of restriction they wish to achieve with their web console access. The two stage authentication combines the usual initial username/password combination with a second stage SMS code verification step. It is quite similar to the latest generation systems employed by banks to secure retail access to their online banking. All failed attempts are logged and the account owner is alerted instantly informing customers when a password has become compromised as well as providing a comprehensive audit trail.
It further states that API access represents a double-edged sword for those looking to use public Infrastructure-as-a-Service clouds. On one hand, it allows full automation of cloud infrastructure allowing automatic scaling, load balancing and more. At the same time, however, such powerful tools represent a significant threat to a company’s infrastructure if not secured correctly. Detailed access control to the API is an essential part of maintaining the integrity of a company’s infrastructure. The following new settings allow customers to secure and limit access:
• Switch off API access completely
• Create an IP white list for API access
• Allow http/https or only https API access
• Choose between plain or digest authentication
• Choose between username/password or UUID/API key authentication
The company claims that these critical settings allow customers to tightly control the access and authentication to the API. The combination of secured web console access and secured API access present a robust answer to the concerns that have been raised with regards to securing infrastructure in a public cloud environment.
Source: ZNet India