Thursday, August 14, 2014

Cloud Security

With the cloud, we no longer have well-defined boundaries regarding what’s internal and what’s external to our systems. We must assess whether holes or vulnerabilities exist across servers, networks, infrastructure components, and endpoints and then continuously monitor them.

According to the Cloud Security Alliance (CSA), an organization dedicated to ensuring security best practices in the cloud, significant areas of operational risk in the cloud include the following:

Physical security: It covers security of IT equipment, network assets, and telecommunications infrastructure.

Human resource security: It deals with the people side of the equation — ensuring background checks, confidentiality, and segregation of duties.

Business continuity: It ensures that the provider meets its service level agreement for operation.

Disaster recovery: It ensures that assets (data and applications) are protected. If, for example, we are using a public Infrastructure as a Service (IaaS) to run an application, we should find out what happens if there’s some sort of disaster (natural or otherwise).

Incident handling changes in a cloud: Working with the service provider to control at least part of the infrastructure. The multi-tenant nature of the cloud often makes investigating an incident more complicated. For example, because information may be commingled, log analysis can be difficult because your service provider is trying to maintain privacy.

Application security changes in the cloud: Uncovering exposed security threats (in a public cloud). The CSA divides application security into different areas including securing the software development lifecycle, authentication, authorization, identity management, application authorization management, application monitoring, application penetration testing, and risk management. So, if we are using a Platform as a Service (PaaS) to develop applications, we should be concerned about application security. Likewise, if we are running our application in the cloud or using a SaaS provider, application security will be an issue.

Identity and access management: Controls and maintains access to computer resources, applications, data, and services. In a traditional data center, you may use a directory service for authentication and then deploy the application in a firewall safe zone. The cloud often requires multiple forms of identity to ensure that access to resources is secure.

Encryption and key management: Ensures that only intended recipients receive data and can decrypt it. Data encryption refers to a set of algorithms that can transform text into a form called ciphertext (an encrypted form of plain text that unauthorized parties can’t read). The recipient of an encrypted message uses a key that triggers the algorithm to decrypt the data and provide it in its original state to the authorized user.

Cloud security best practices

Knowing the current state helps us build a comprehensive strategy. Then, we can ensure that best practices are followed.
  • In a highly distributed environment, manage the identity of who’s allowed to access what resources under what circumstances. Clearly defined rules combined with automation provide a path forward.
  • Try to create general awareness of security risks by educating and warning staff members about specific dangers. Complacency is easy, especially if you’re using a cloud service provider. However, security threats come from employees as well as outside organizations.
  • Regularly have external IT security consultants check your company’s IT security policy, IT network, and the policies and practices of all your cloud service providers.
  • Determine specific IT security policies for change management and patch management, and make sure that policies are well understood by your service management staff and by your cloud service provider.
  • Review backup and disaster-recovery systems in light of IT security. Apart from anything else, IT security breaches can require complete application recovery.
