The Lighter Side Of The Cloud – Data Locking
The Lighter Side Of The Cloud – Down The Line
The Lighter Side Of The Cloud – Falling Behind

Cloud Security – Is The Cloud Insecure?

Cloud Security – Is The Cloud Insecure?

Cloud Security – Is The Cloud Insecure?



Cloud security is on the top of every CIO’s mind. Apparently some people even consider that cloud risks outweigh cloud benefits.  Unfortunately, an overzealous approach to cloud security can lead to arguments that detract from the real issues, with little to no analysis of the specific problems at hand.

Cloud security issues

  • Separation of duties Your existing company probably has separate application, networking and platform teams. The cloud may force a consolidation of these user groups. For example, in many companies the EC2 administrators are application programmers, have access to Security Groups (firewall) and can also spin up and take down virtual servers.
  • Home access to your servers Corporate environments are usually administered on-premise or through a VPN with two-factor authentication. Strict access controls are usually forgotten for the cloud, allowing administrators to access your cloud’s control panel from home and make changes as they see fit. Note further that cloud access keys/accounts may remain available to people who leave or get fired from your company, making home access an even bigger concern…
  • Difficulty in validating security Corporation are used to stringent access and audit controls for on-premise services, but maintaining and validating what’s happening in the cloud can become a secondary concern. This can lead some companies to lose track of the exact security posture of their cloud environments.
  • Appliances and specialized tools do not support the cloud Specialized tools may not be able to go into the cloud. For example, you may have Network Intrusion Detection appliances sitting in front of on-premise servers, and you will not be able to move such specialized boxes into the cloud. A move to Virtual Appliances may make this less of an issue for future cloud deployments.
  • Legislation and Regulations Cross border issues are a big challenge in the cloud. Privacy concerns may forbid certain user data from leaving your country, while foreign legislation may become an unneeded new challenge for your business. For example, a European business running systems on American soil may open themselves up to Patriot Act regulations.
  • Organizational processes Who has access to the cloud and what can they do? Can someone spin up an Extra Large machine and install their own software? How do you backup and restore data? Will you start replicating processes within your company simply because you’ve got a separate cloud infrastructure? Many companies are simply not familiar enough with the cloud to create the processes necessary for secure cloud operations.
  • Auditing challenges Any auditing activities that you normally undertake may be complicated if data is in the cloud. A good example is PCI — Can you actually prove that CC data is always within your control, even if it’s hosted outside of your environment somewhere in the cloud ether?
  • Public/private connectivity is a challenge Do you ever need to mix data between your public and private environments? It can become a challenge to send data between these two environments, and to do so securely. New technologies for cloud impedance matching may help.
  • Monitoring and logging You will likely have central systems monitoring your internal environment and collecting logs from your servers. Will you be able to achieve those same monitoring and log collection activities if you run servers off-premise?
  • Penetration testing Some companies run periodic penetration testing activities directly on public infrastructure. Cloud environments may not be as amenable to ‘hacking’ type activities from taking place on cloud infrastructure that they provide.

By Simon Ellis,

Simon is the owner of LabSlice, a new startup that allows companies to distribute Virtual Demos using the cloud.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Popular

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter The city of the future is impeccably documented. Sensors are used to measure air quality, traffic patterns, and crowd movement. Emerging neighborhoods are quickly recognized, public safety threats are found via social networks, and emergencies are dealt with quicklier. Crowdsourcing reduces commuting times, provides people with better transportation…

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring One of the hottest topics in Information and Communication Technology (ICT) is the Internet of Things (IOT). According to the report of International Telecommunication Union (2012), “the Internet of things can be perceived as a vision with technological and societal implications. It is considered as a…

Cloud Infographic: 2015 Data Scientist

Cloud Infographic: 2015 Data Scientist

Data Scientist Report The amount of data in our world has been exploding in recent years. Managing big data has become an integral part of many businesses, generating billions of dollars of competitive innovations, productivity and job growth. Forecasting where the big data industry is going has become vital to corporate strategy. Enter the Data…

Cloud Infographic – Monetizing Internet Of Things

Cloud Infographic – Monetizing Internet Of Things

Monetizing Internet Of Things There are many interesting ways in which companies are looking to connect devices to the cloud. From the vehicles to kitchen appliances the internet of things is already a $1.9 trillion dollar market based on research estimates from IDC. Included is a fascinating infographic provided by AriaSystems which shows us some of the exciting…

PaaS vs Docker – why is it such a heated debate?

PaaS vs Docker – why is it such a heated debate?

PaaS vs Docker Docker started as just a software container on top of a Linux operating system which seemed like a simple optimization for a fat hypervisor. Its disruptive force however comes from the fact that it does force us to rethink many of the layers of the cloud stack. Starting from the way we…

Recent

Thinking About Doing Business In China? Consider This…

Thinking About Doing Business In China? Consider This…

Doing Business in China? Consider This…  China’s economy continues to outperform both regional and global markets with double-digit growth for the last decade. IDC believes China’s GDP will maintain growth around 7.2% until 2020, allowing GDP to reach US$18 trillion or 17% of the world total. And with a population of over 1.35 billion people,…

Big Tech Trends For The 21st Century

Big Tech Trends For The 21st Century

Tech Trends For The 21st Century When the historians of the future look back on the 21st century, what will they say? Inevitably, the biggest stories in the coming century will be political and environmental – wars, revolutions, and natural disasters always dominate historical memory. But perhaps more than any previous epoch, the 21st century…

The Lighter Side Of The Cloud – Inferiority Complex

The Lighter Side Of The Cloud – Inferiority Complex

By Al Johnson Are you looking to supercharge your Newsletter, Powerpoint presentation, Social media campaign or Website? Our universally recognized tech related comics can help you. Contact us for information on our commercial licensing rates. About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information.…

Sponsored Posts

The Value of Hybrid Cloud

The Value of Hybrid Cloud

The Value of Hybrid Cloud As the “cloud” continues to exert its dominance as the IT technology of the day, the question for many companies focuses on what type of cloud to choose: public, private, or a combination of the two, known as hybrid. Each has its advantages. Private cloud – owned and maintained by…

Contact Us

Contact Us
Sending
cisco_logo_100x100 vmware citrix100
Site 24x7 200px-KPMG


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising