Is My Public Cloud Too Public? Part 3

Is My Public Cloud Too Public? Part 3

Continued From Part 2

Backup and Recovery

The backup and recovery policies and procedures of a cloud service may be superior to those of the organization and, if copies are maintained in diverse geographic locations, may be more robust. In many circumstances, data maintained within a cloud can be more available, faster to restore, and more reliable than that maintained in a traditional datacenter. Under such conditions, cloud services could also serve as a means for offsite backup storage for an organization’s datacenter in lieu of more traditional tape-based offsite storage.

Data Concentration

Data maintained and processed in the cloud can present less of a risk to an organization with a mobile workforce than having that data dispersed on portable computers or removable media out in the field, where theft and loss of devices routinely occur. Many organizations have already made the transition to supporting access to organizational data from mobile devices in order to improve workflow management and gain other operational efficiencies.

Besides representing a computing platform or substitute for in-house applications, public cloud services can also be focused on providing security for other computing environments:

Datacenter Oriented

Cloud services can be used to improve the security of datacenters. For example, electronic mail can be redirected to a cloud provider via mail exchange (MX) records. The mail data can be examined and analyzed collectively with similar transactions from other datacenters in order to discover widespread spam, phishing, and malware campaigns, and to carry out remedial action (e.g., quarantining suspect messages and content) more comprehensively than a single organization would be able to do.

Cloud Oriented

Cloud services are also available to improve the security of other cloud environments. Cloud-based identity-management services can be used to augment or replace an organization’s directory service for identification and authentication of cloud users.

The not so good news is…

Besides its many potential benefits for security and privacy, public cloud computing also brings with it potential areas of concern compared to the computing environments found in traditional datacenters. Some of the more fundamental concerns include the following:

System Complexity

A public, cloud-computing environment is extremely complex compared to that of a traditional datacenter. Many components comprise a public cloud, resulting in a large attack surface. Besides components for general computing, such as deployed applications, virtual machine monitors, guest virtual machines, data storage, and supporting middleware, there are also components that comprise the management backplane, such as those for self-service, resource metering, quota management, data replication and recovery, workload management, and cloud bursting. Cloud services themselves may also be realized through nesting and layering together with services from other cloud providers. Components change over time as upgrades and feature improvements occur, complicating matters further.

Shared Multi-tenant Environment

Subscribing organizations typically share components and resources with other subscribers that are unknown to them. With threats to network and computing infrastructure increasing and becoming more sophisticated year on year, sharing an infrastructure with unknown outside parties can be a major drawback for some applications. This will require a high level of assurance regarding the strength of the security mechanisms used for logical separation. While not unique to cloud computing, logical separation is a non-trivial problem that is exacerbated by the scale of cloud computing. Access to organizational data and resources could inadvertently be exposed to other subscribers through a configuration or software errors. An attacker could also pose as a subscriber in order to exploit vulnerabilities from within the cloud environment to gain unauthorized access.

Internet-facing Services

Public cloud services are delivered over the Internet, exposing both the administrative interfaces used to self-service an account and the interfaces for users and applications to access other available services. Applications and data previously accessed from the confines of an organization’s intranet that are moved to the cloud face increased risk from network threats that were previously alleviated at the perimeter of the organization’s intranet. Furthermore, after moving these applications and data to the cloud, they are subject to new threats that target exposed interfaces.

Loss of Control

While security and privacy concerns in cloud computing services are similar to those of traditional non-cloud services, they are augmented by external control over organizational assets and the potential for mismanagement of those assets. Migrating to a public cloud requires a transfer of control to the cloud provider over information and system components that were previously under the organization’s direct control. Loss of control over both the physical and logical aspects of the system and data diminishes the organization’s ability to maintain situational awareness, weigh alternatives, set priorities, and effect changes in security and privacy that are in the best interests of the organization.

Compliance

Many businesses are being drawn into using cloud services by its attractive economics, bypassing IT departments to host their applications and data in the cloud directly. This creates several problems for IT organizations with reduced internal and external control. Business activities multiply the IT department’s compliance challenges, even while legal and compliance departments are expecting the IT departments to be able to report on and demonstrate control over sensitive information. Additionally, a cloud provider’s SAS-70 compliance must be carefully assessed by each enterprise customer to see if the certification meets the compliance policy established by their own enterprise.

Portability between public clouds

While cloud computing conveys a promise of open architecture and easy integration, the early cloud offerings have tended to create security “silos”—users need an Amazon account to use Amazon’s EC2 service and a Google account to access AppEngine applications. Enterprises will require information and identity portability between different clouds so that they can mix and match their services in an open, standards-based environment that permits interoperability.

By Gopan Joshi

Gopan is Product Manager: Cloud Computing Services, Netmagic Solutions Pvt. Ltd. and has expertise in managing products and services in various market scenarios and life cycle stages. His experiences ranges from introducing cutting edge innovations in existing products, existing markets to new technology, new markets

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Three Factors For Choosing Your Long-term Cloud Strategy

Three Factors For Choosing Your Long-term Cloud Strategy

Choosing Your Long-term Cloud Strategy A few weeks ago I visited the global headquarters of a large multi-national company to discuss cloud strategy with the CIO. I arrived 30 minutes early and took a tour of the area where the marketing team showcased their award winning brands. I was impressed by the digital marketing strategy…

5 Things To Consider About Your Next Enterprise Sharing Solution

5 Things To Consider About Your Next Enterprise Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services…

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

Is Machine Learning Making Your Data Scientists Obsolete?

Is Machine Learning Making Your Data Scientists Obsolete?

Machine Learning and Data Scientists In a recent study, almost all the businesses surveyed stated that big data analytics were fundamental to their business strategies. Although the field of computer and information research scientists is growing faster than any other occupation, the increasing applicability of data science across business sectors is leading to an exponential…

How The CFAA Ruling Affects Individuals And Password-Sharing

How The CFAA Ruling Affects Individuals And Password-Sharing

Individuals and Password-Sharing With the 1980s came the explosion of computing. In 1980, the Commodore ushered in the advent of home computing. Time magazine declared 1982 was “The Year of the Computer.” By 1983, there were an estimated 10 million personal computers in the United States alone. As soon as computers became popular, the federal government…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…