
Is My Public Cloud Too Public? Part 3


Continued From Part 2

Backup and Recovery

The backup and recovery policies and procedures of a cloud service may be superior to those of the organization and, if copies are maintained in diverse geographic locations, may be more robust. In many circumstances, data maintained within a cloud can be more available, faster to restore, and more reliable than that maintained in a traditional datacenter. Under such conditions, cloud services could also serve as a means for offsite backup storage for an organization’s datacenter in lieu of more traditional tape-based offsite storage.

Data Concentration

Data maintained and processed in the cloud can present less of a risk to an organization with a mobile workforce than having that data dispersed on portable computers or removable media out in the field, where theft and loss of devices routinely occur. Many organizations have already made the transition to supporting access to organizational data from mobile devices in order to improve workflow management and gain other operational efficiencies.

Besides representing a computing platform or substitute for in-house applications, public cloud services can also be focused on providing security for other computing environments:

Datacenter Oriented

Cloud services can be used to improve the security of datacenters. For example, electronic mail can be redirected to a cloud provider via mail exchange (MX) records. The mail data can be examined and analyzed collectively with similar transactions from other datacenters in order to discover widespread spam, phishing, and malware campaigns, and to carry out remedial action (e.g., quarantining suspect messages and content) more comprehensively than a single organization would be able to do.
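An added example, not part of the original article: when mail is redirected to a cloud filtering provider through MX records, any MX record still pointing elsewhere accepts mail that skips the provider's analysis. This check audits a zone's MX set; the domain `corp.example`, the provider name `mailfilter.example` and the zone excerpt are constructed for illustration.

```python
import re

# Constructed zone-file excerpt for the hypothetical domain corp.example.
# The provider name mailfilter.example is an assumption for illustration.
ZONE = """\
corp.example.   3600 IN MX 10 mx1.mailfilter.example.
corp.example.   3600 IN MX 20 mx2.mailfilter.example.
corp.example.   3600 IN MX 50 mail.corp.example.   ; legacy on-prem server
corp.example.   3600 IN A     192.0.2.10
"""

MX_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?MX\s+(?P<pref>\d+)\s+(?P<host>\S+)",
    re.IGNORECASE,
)

def parse_mx(zone_text):
    """Return sorted (preference, exchange) tuples for every MX record."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        m = MX_LINE.match(line)
        if m:
            records.append((int(m["pref"]), m["host"].rstrip(".").lower()))
    return sorted(records)

def audit_mx(zone_text, provider_suffix):
    """Split MX hosts into those at the filtering provider and those that bypass it."""
    suffix = provider_suffix.rstrip(".").lower()
    filtered, bypass = [], []
    for pref, host in parse_mx(zone_text):
        # Match on a label boundary so 'notmailfilter.example' does not pass.
        ok = host == suffix or host.endswith("." + suffix)
        (filtered if ok else bypass).append((pref, host))
    return filtered, bypass

if __name__ == "__main__":
    filtered, bypass = audit_mx(ZONE, "mailfilter.example")
    for pref, host in filtered:
        print(f"ok      pref={pref:<3} {host}")
    for pref, host in bypass:
        print(f"BYPASS  pref={pref:<3} {host} (delivers without cloud filtering)")
```
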

Cloud Oriented

Cloud services are also available to improve the security of other cloud environments. Cloud-based identity-management services can be used to augment or replace an organization’s directory service for identification and authentication of cloud users.

The not so good news is…

Besides its many potential benefits for security and privacy, public cloud computing also brings with it potential areas of concern compared to the computing environments found in traditional datacenters. Some of the more fundamental concerns include the following:

System Complexity

A public cloud computing environment is extremely complex compared to that of a traditional datacenter. Many components comprise a public cloud, resulting in a large attack surface. Besides components for general computing, such as deployed applications, virtual machine monitors, guest virtual machines, data storage, and supporting middleware, there are also components that comprise the management backplane, such as those for self-service, resource metering, quota management, data replication and recovery, workload management, and cloud bursting. Cloud services themselves may also be realized through nesting and layering together with services from other cloud providers. Components change over time as upgrades and feature improvements occur, complicating matters further.

Shared Multi-tenant Environment

Subscribing organizations typically share components and resources with other subscribers that are unknown to them. With threats to network and computing infrastructure increasing and becoming more sophisticated year on year, sharing an infrastructure with unknown outside parties can be a major drawback for some applications. This will require a high level of assurance regarding the strength of the security mechanisms used for logical separation. While not unique to cloud computing, logical separation is a non-trivial problem that is exacerbated by the scale of cloud computing. Access to organizational data and resources could inadvertently be exposed to other subscribers through configuration or software errors. An attacker could also pose as a subscriber in order to exploit vulnerabilities from within the cloud environment to gain unauthorized access.

Internet-facing Services

Public cloud services are delivered over the Internet, exposing both the administrative interfaces used to self-service an account and the interfaces for users and applications to access other available services. Applications and data previously accessed from the confines of an organization’s intranet that are moved to the cloud face increased risk from network threats that were previously alleviated at the perimeter of the organization’s intranet. Furthermore, once moved to the cloud, these applications and data are subject to new threats that target exposed interfaces.

Loss of Control

While security and privacy concerns in cloud computing services are similar to those of traditional non-cloud services, they are augmented by external control over organizational assets and the potential for mismanagement of those assets. Migrating to a public cloud requires a transfer of control to the cloud provider over information and system components that were previously under the organization’s direct control. Loss of control over both the physical and logical aspects of the system and data diminishes the organization’s ability to maintain situational awareness, weigh alternatives, set priorities, and effect changes in security and privacy that are in the best interests of the organization.

Compliance

Many businesses are being drawn into using cloud services by their attractive economics, bypassing IT departments to host their applications and data in the cloud directly. This creates several problems for IT organizations with reduced internal and external control. Business activities multiply the IT department’s compliance challenges, even while legal and compliance departments are expecting the IT departments to be able to report on and demonstrate control over sensitive information. Additionally, a cloud provider’s SAS-70 compliance must be carefully assessed by each enterprise customer to see if the certification meets the compliance policy established by their own enterprise.

Portability between public clouds

While cloud computing conveys a promise of open architecture and easy integration, the early cloud offerings have tended to create security “silos”—users need an Amazon account to use Amazon’s EC2 service and a Google account to access AppEngine applications. Enterprises will require information and identity portability between different clouds so that they can mix and match their services in an open, standards-based environment that permits interoperability.

By Gopan Joshi

Gopan is Product Manager: Cloud Computing Services, Netmagic Solutions Pvt. Ltd. and has expertise in managing products and services in various market scenarios and life cycle stages. His experience ranges from introducing cutting-edge innovations in existing products, existing markets to new technology, new markets.

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...

2 Responses to Is My Public Cloud Too Public? Part 3

  1. Reminded of Christian Verstraete’s (HP) “… little cloud cheat sheet” http://bit.ly/JCgDNe which identifies some questions to ask when considering the public cloud, which inevitably is at least some part of a likely public/private/hybrid/converged cloud infrastructure.
     
    Questions to ask, which parallel many of the (“not so good news”) items above, include: Where is the service delivered from?; Who is involved in delivering the service?; Where is the data located?; How can I get the data back in case of decommissioning of the service?; Who owns the data while it is used by the service?; What security processes & procedures are in place?; What responsibility is the service provider taking?; How are you kept informed in case of issues?; What privacy policies is the service provider subscribing to and how do they manage the user information?; What happens if your service provider is acquired or goes bankrupt?
     
    –Paul Calento http://bit.ly/paul_calento
     

  2.  @pcalento To answer some of the concerns:
    – Check whether your cloud provider will accommodate your own security practices and policies;
    – Look for an independent security audit of the host;
    – Ask your service provider where the data will reside and how it is secured. Based on the geographic location, check data protection laws in the relevant jurisdictions.
    – Deal with cloud service providers that have an excellent record in security and those having security certifications
    – Inspect public cloud provider physical security and staff vetting controls
    – Check your provider monitoring systems and processes
    – Check SLA, its availability, and penalties
