The Challenging Implementation of Cloud Security

The Challenging Implementation of Cloud Security

Why do we need a tougher Cloud security today?

Cloud Security

Undeniably, virtual memory has been very useful not only to individual but also to corporate users. But it has been too risky nowadays because of the existence of hackers. Cloud developers must also include a strong cloud security for their clients. This is to guarantee a secure data storage over the internet.

 

Cloud security challenges go all the way to the board

Summary: Less hardware, scalable infrastructure, falling prices and maturing services all make cloud computing very difficult to ignore. Organisations must ensure they don’t also ignore the security challenges of cloud models.

In the rush to take advantage of cloud’s benefits, businesses must properly manage the risks of handing over data, systems, and infrastructure to a third-party.  As with any risk management process this is a challenge for the board as much as for the technical security team.

Security keeps cropping up as a (if not the) major obstacle to cloud adoption — whether it’s applications or infrastructure that is hosted in a private, hybrid or public cloud environment.

But are concerns about security in the cloud misplaced? Evidence in the 2013 Data Breach Incident Report from Verizon (which also owns cloud provider Terramark) suggests it is. Based on 47,000 breach investigations in 2012, Verizon notes that “attacks against virtualisation were not present, but attacks against weakly configured devices that happened to be hosted in an external location were common — but not more common than among internally hosted ones.”

Do CIO’s agree with these facts? Yes and no. For every CIO who believes cloud security concerns are overrated, there’s another who believes cloud security issues are very real.

However, whether security concerns about the cloud are exaggerated or not isn’t the question under discussion here. The key issue for businesses considering moving a workload to the cloud is to quantify and address risks; from assessing which applications or infrastructure can be moved to the cloud with an acceptable level of risk, to how they will be protected once moved.

Cloud security: Same concept, different implementation

While the same concepts behind on-premise security management apply in the cloud, there are nuances in their implementation that may escape the board-level view, but could nonetheless be vital.

For example, customers may find security tools they’re familiar with on-premise are stripped back in the cloud. Network access controls are just one example.

“Network access controls are typically far more basic in the cloud compared to physical architectures, and the tools used to manage the access controls are also more basic. This can lead to poorly implemented network access controls that lead to unnecessary access to systems and services,” said Ty Miller, founder of security firm Threat Intelligence.

“Physical security appliances ensure high performance and can be made highly scalable with low level networking to load balance packets across multiple security devices. Cloud environments are designed to be scalable, but some virtual security devices don’t have the same performance as their hardware equivalent.”

So how should businesses go about security risk management when considering cloud service providers?  Those considering the cloud can be confronted by providers that only offer opaque visibility into how they manage security and data. But isn’t that scenario also true when assessing a provider of closed-source software or an outsourcer that offers assurances based on service level agreements?

The customer needs to build a framework to assess a provider and compare them with rivals but not overburden the provider with assurance requirements. In the end, the rigour of the risk assessment process comes down to the depth of research a buyer is willing to go into ahead of making a commitment.

Read more here>>>

Virtual memory are very useful for files that we need to access wherever we may be. And because of the benefits we get from this service, it is also important that we have cloud security to keep our files protected and secure.

 

Source: Liam Tung

Image Source:  Chris Potter