Is My Public Cloud Too Public? Part 3

Is My Public Cloud Too Public? Part 3

Continued From Part 2

Backup and Recovery

The backup and recovery policies and procedures of a cloud service may be superior to those of the organization and, if copies are maintained in diverse geographic locations, may be more robust. In many circumstances, data maintained within a cloud can be more available, faster to restore, and more reliable than that maintained in a traditional datacenter. Under such conditions, cloud services could also serve as a means for offsite backup storage for an organization’s datacenter in lieu of more traditional tape-based offsite storage.

Data Concentration

Data maintained and processed in the cloud can present less of a risk to an organization with a mobile workforce than having that data dispersed on portable computers or removable media out in the field, where theft and loss of devices routinely occur. Many organizations have already made the transition to supporting access to organizational data from mobile devices in order to improve workflow management and gain other operational efficiencies.

Besides representing a computing platform or substitute for in-house applications, public cloud services can also be focused on providing security for other computing environments:

Datacenter Oriented

Cloud services can be used to improve the security of datacenters. For example, electronic mail can be redirected to a cloud provider via mail exchange (MX) records. The mail data can be examined and analyzed collectively with similar transactions from other datacenters in order to discover widespread spam, phishing, and malware campaigns, and to carry out remedial action (e.g., quarantining suspect messages and content) more comprehensively than a single organization would be able to do.

Cloud Oriented

Cloud services are also available to improve the security of other cloud environments. Cloud-based identity-management services can be used to augment or replace an organization’s directory service for identification and authentication of cloud users.

The not so good news is…

Besides its many potential benefits for security and privacy, public cloud computing also brings with it potential areas of concern compared to the computing environments found in traditional datacenters. Some of the more fundamental concerns include the following:

System Complexity

A public, cloud-computing environment is extremely complex compared to that of a traditional datacenter. Many components comprise a public cloud, resulting in a large attack surface. Besides components for general computing, such as deployed applications, virtual machine monitors, guest virtual machines, data storage, and supporting middleware, there are also components that comprise the management backplane, such as those for self-service, resource metering, quota management, data replication and recovery, workload management, and cloud bursting. Cloud services themselves may also be realized through nesting and layering together with services from other cloud providers. Components change over time as upgrades and feature improvements occur, complicating matters further.

Shared Multi-tenant Environment

Subscribing organizations typically share components and resources with other subscribers that are unknown to them. With threats to network and computing infrastructure increasing and becoming more sophisticated year on year, sharing an infrastructure with unknown outside parties can be a major drawback for some applications. This will require a high level of assurance regarding the strength of the security mechanisms used for logical separation. While not unique to cloud computing, logical separation is a non-trivial problem that is exacerbated by the scale of cloud computing. Access to organizational data and resources could inadvertently be exposed to other subscribers through a configuration or software errors. An attacker could also pose as a subscriber in order to exploit vulnerabilities from within the cloud environment to gain unauthorized access.

Internet-facing Services

Public cloud services are delivered over the Internet, exposing both the administrative interfaces used to self-service an account and the interfaces for users and applications to access other available services. Applications and data previously accessed from the confines of an organization’s intranet that are moved to the cloud face increased risk from network threats that were previously alleviated at the perimeter of the organization’s intranet. Furthermore, after moving these applications and data to the cloud, they are subject to new threats that target exposed interfaces.

Loss of Control

While security and privacy concerns in cloud computing services are similar to those of traditional non-cloud services, they are augmented by external control over organizational assets and the potential for mismanagement of those assets. Migrating to a public cloud requires a transfer of control to the cloud provider over information and system components that were previously under the organization’s direct control. Loss of control over both the physical and logical aspects of the system and data diminishes the organization’s ability to maintain situational awareness, weigh alternatives, set priorities, and effect changes in security and privacy that are in the best interests of the organization.

Compliance

Many businesses are being drawn into using cloud services by its attractive economics, bypassing IT departments to host their applications and data in the cloud directly. This creates several problems for IT organizations with reduced internal and external control. Business activities multiply the IT department’s compliance challenges, even while legal and compliance departments are expecting the IT departments to be able to report on and demonstrate control over sensitive information. Additionally, a cloud provider’s SAS-70 compliance must be carefully assessed by each enterprise customer to see if the certification meets the compliance policy established by their own enterprise.

Portability between public clouds

While cloud computing conveys a promise of open architecture and easy integration, the early cloud offerings have tended to create security “silos”—users need an Amazon account to use Amazon’s EC2 service and a Google account to access AppEngine applications. Enterprises will require information and identity portability between different clouds so that they can mix and match their services in an open, standards-based environment that permits interoperability.

By Gopan Joshi

Gopan is Product Manager: Cloud Computing Services, Netmagic Solutions Pvt. Ltd. and has expertise in managing products and services in various market scenarios and life cycle stages. His experiences ranges from introducing cutting edge innovations in existing products, existing markets to new technology, new markets

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Fintech Exploiting AI and Blockchain Technology

Fintech Exploiting AI and Blockchain Technology

AI and Blockchain Technology The field of artificial intelligence (AI) had progressed rapidly in the last ten years, though first recognized in the 1950s. From autonomous motor vehicles to digital personal assistants, the technology is making its way into a variety of industries, enabling better task automation, language processing, and data analytics. But more recently,…

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Infrastructure-as-a-Service Security It’s no secret many organizations rely on popular cloud providers like Amazon and Microsoft for access to computing infrastructure. The many perks of cloud services, such as the ability to quickly scale resources without the upfront cost of buying physical servers, have helped build a multibillion-dollar cloud industry that continues to grow each…

What’s On The Horizon For Cloud Computing

What’s On The Horizon For Cloud Computing

Cloud Computing Trends Now that we are a little more than halfway through 2016, many experts are beginning to make their predictions about cloud computing for the rest of the year and beyond. While many of the trends aren’t too unexpected (the ever increasing acceptance of cloud solutions by businesses, for instance) other trends are…

Tesla Solar Plan Would Cost Billions To Implement

Tesla Solar Plan Would Cost Billions To Implement

A 1,500-word manifesto that Elon Musk unveiled last week, outlining his plan to expand Tesla Motors Inc.’s electric-vehicle line and to build “stunning solar roofs,” may end up costing the company tens of billions of dollars to carry out. Musk, Tesla’s chairman and chief executive officer, gave the estimate on Tuesday after a tour of the…

Healthcare IoT Security To Grow To $47 Billion In 2021

Healthcare IoT Security To Grow To $47 Billion In 2021

Healthcare IoT Security It’s obvious that IoT can make the entire healthcare industry more efficient. The kind of data involved can be used to save time, physical energy and operating costs. Because of this, devices that facilitate medical data are becoming more commonplace in the industry. This includes things such as wearables that can track…

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Secure Third Party Access Still Not An IT Priority Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT consultants, to supply chain analysts and beyond, the threats posed by third parties are real and growing. Deloitte, in its Global Survey 2016 of third party risk, reported…

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data The modern enterprise is digital. It relies on accurate and timely data to support the information and process needs of its workforce and its customers. However, data suffers from a likability crisis. It’s as essential to us as oxygen, but because we don’t see it, we take it for granted.…

Cloud Comings and Goings

Cloud Comings and Goings

Cloud Power Amazon Web Services – the giant of cloud computing – is on track to do $10 Billion in revenue this year. Yet, rumors swirl that Apple may take a huge chunk of business away from them and Dropbox has definitely left AWS. Is something wrong at AWS? Wait, Salesforce.com (SFDC) – the granddaddy of…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and opportunities of digital technologies. The concept is not new; we’ve been talking about it in one way or another for decades: paperless office, BYOD, user experience, consumerization of IT – all of these were stepping…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Explosive Growth Of Data-Driven Marketing

Explosive Growth Of Data-Driven Marketing

Data-Driven Marketing There is an absolute endless amount of data that is being accumulated, dissected, analyzed with the important bits extracted and used for a number of purposes. With the amount of data in the world has already reached into multiple zettabytes annually. A Zettabyte is one million petabytes or one thousand exabytes. With data…

Why Hybrid Cloud Delivers Better Business Agility

Why Hybrid Cloud Delivers Better Business Agility

Why Hybrid Cloud Delivers Better Business Agility A CIO friend of mine once told me that a hybrid cloud model enables him to “own the base, rent the spike” when it comes to unplanned events. Let’s face it – maintaining unused infrastructure for rare or random IT events is expensive and unnecessary in a cloud…

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter The city of the future is impeccably documented. Sensors are used to measure air quality, traffic patterns, and crowd movement. Emerging neighborhoods are quickly recognized, public safety threats are found via social networks, and emergencies are dealt with quicklier. Crowdsourcing reduces commuting times, provides people with better transportation…

Five Cloud Questions Every CIO Needs To Know How To Answer

Five Cloud Questions Every CIO Needs To Know How To Answer

The Hot Seat Five cloud questions every CIO needs to know how to answer The cloud is a powerful thing, but here in the CloudTweaks community, we already know that. The challenge we have is validating the value it brings to today’s enterprise. Below, let’s review five questions we need to be ready to address…

The Cloud Above Our Home

The Cloud Above Our Home

Our Home – Moving All Things Into The Cloud The promise of a smart home had excited the imagination of the movie makers long ago. If you have seen any TV shows in the nineties or before, the interpretation presented itself to us as a computerized personal assistant or a robot housekeeper. It was smart,…