Cloud computing and cloud storage are fast being adopted by enterprises as the way to go.
Both the enterprise and the employees have a lot to gain from using cloud networking to store their data and process it using third party data centers.
The cloud is used by organizations in a number of service models – IaaS, SaaS and PaaS – and four different deployment models – public, community, private and hybrid.
There are several security issues associated with using a cloud network, and they fall into two very broad categories:
- the issues that are faced by the cloud provider – organizations that provide IaaS, PaaS and SaaS
- and the issues that their customers face – the organizations that store the data or host the applications on the cloud.
However, although these are two categories, the responsibility for security is shared.
The cloud provider has to make sure that its infrastructure is fully secure and that applications and data are fully protected, while the user has to ensure that their applications have been hardened and have proper authentication measures and strong passwords in place.
When a company chooses to use the cloud to store its data or host its applications, it no longer has physical access to the servers on which its information is stored.
Because of this, sensitive data is at potential risk of attack from insiders. Insider attacks are one of the biggest threats in cloud computing and, as such, it is down to cloud service providers to make sure full background checks are carried out on employees who will have physical access to their servers.
As well as that, the data centers that house the servers have to be permanently monitored for any suspicious activity.
To keep costs and resources down and stay efficient, a cloud service provider will almost always store the data for several customers on one server.
Thus, there is a chance that sensitive and private data belonging to one customer can be viewed by others on the same server.
To get around this, the cloud service provider has to practice data isolation and storage segregation.
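An added example (not part of the original article) of the data isolation and storage segregation described above: one shared store serving several customers, with an unsegregated read beside a tenant-scoped one. The names SharedStore, IsolationError, get_unsegregated and the tenant ids are hypothetical, and the per-tenant HMAC tag is one assumed way to bind a stored object to its owner.

```python
import hashlib
import hmac


class IsolationError(Exception):
    """Raised when a read would cross a tenant boundary."""


class SharedStore:
    """One backing store holding objects for several customers (tenants)."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._rows = {}  # object_id -> (owner, name, data, tag)

    def _tenant_key(self, tenant_id: str) -> bytes:
        # Separate key per tenant, derived from the provider's master key.
        return hmac.new(self._master_key, tenant_id.encode(), hashlib.sha256).digest()

    def _tag(self, tenant_id: str, name: str, data: bytes) -> bytes:
        msg = name.encode() + b"\x00" + data
        return hmac.new(self._tenant_key(tenant_id), msg, hashlib.sha256).digest()

    def put(self, tenant_id: str, name: str, data: bytes) -> int:
        object_id = len(self._rows) + 1
        self._rows[object_id] = (tenant_id, name, data, self._tag(tenant_id, name, data))
        return object_id

    def get_unsegregated(self, object_id: int) -> bytes:
        # Weak form: any customer who knows or guesses an id reads the row.
        return self._rows[object_id][2]

    def get(self, session_tenant: str, object_id: int) -> bytes:
        # Segregated form: the tenant comes from the authenticated session,
        # never from the request, and every read is checked against it.
        row = self._rows.get(object_id)
        if row is None or row[0] != session_tenant:
            raise IsolationError("object not found for this tenant")
        _, name, data, tag = row
        # Defence in depth: the tag only verifies under the owner's key, so a
        # row mislabelled with another tenant's id is rejected as well.
        if not hmac.compare_digest(tag, self._tag(session_tenant, name, data)):
            raise IsolationError("object is not bound to this tenant")
        return data
```

The segregated read returns the same error for a missing object and for one owned by another customer, so the response does not reveal which ids exist on the shared server.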
The use of virtualization in putting a cloud infrastructure into effect brings its own security issues for customers of public cloud services.
Virtualization changes the relationship between the operating system and the hardware, whether that is storage, computing or networking, and this virtualization layer has to be configured correctly, managed and fully secured.
Cloud Network Security Controls
Cloud security will only be effective if the correct defenses are put in place.
The following security controls must be implemented:
- Deterrent: Deterrent controls are used to reduce the risk of attacks on the cloud network. They are similar to a large warning sign on a perimeter fence or on a building; the deterrent control lowers the level of threat by telling a potential attacker that they will face the consequences if they proceed.
- Preventative: Preventative controls are used to build up the strength of the system against attacks or other security incidents, usually by eliminating vulnerabilities. Strong authentication measures for cloud users make it far less likely that unauthorized access to the cloud system can happen.
- Detective: Detective controls are used to detect incidents and react to them in the right manner. The control will signal the corrective or preventative controls and get them involved to sort out the issues. Network security monitoring, security monitoring, and intrusion detection/prevention are used to detect an attack on the cloud network and the supporting infrastructure.
- Corrective: Corrective controls are used to cut down on the potential consequences of an attack on the system by limiting how much damage can be done. These controls come into play during an incident or after it, restoring data from backups to rebuild the compromised system.
All of these controls, together with the monitoring that must take place, should be written into a watertight security policy that has been fully tested and is monitored at all times.