Wednesday, December 18, 2013

November Newsletter - Security in the Cloud

The Vega newsletter is published monthly by Vega BI and distributed to our partners to facilitate the pursuit of a common interest in top-notch technologies.
Security in the Cloud is our topic of the month. Read on for an executive summary of the main security and privacy issues pertinent to public cloud computing.

Security and Privacy Challenges in Public Cloud
While reducing cost is a primary motivation for moving towards a cloud provider, reducing responsibility for security or privacy should not be. Ultimately, the organization is accountable for the overall state of the outsourced service. Monitoring and addressing security and privacy issues remain in the purview of the organization, just as other important issues, such as performance, availability, and recovery.


Trust
Under the cloud computing paradigm, an organization relinquishes direct control over many aspects of security and, in doing so, confers an unprecedented level of trust onto the service provider.
Points for consideration:
- Insider Access
- Composite Services
- Visibility
- Risk Management

Architecture
The architecture of the systems used to deliver cloud services comprises hardware and software residing in the cloud. The physical location of the infrastructure is determined by the service provider, as is the implementation of the reliability and scalability logic of the underlying support framework.
Points for consideration:
- Attack Surface
- Virtual Network Protection
- Ancillary Data
- Client-Side Protection
- Server-Side Protection

Identity Management
Data sensitivity and privacy of information have increasingly become a concern for organizations, and unauthorized access to information resources in the cloud is a major issue.
Points for consideration:
- Authentication
- Access Control

Software Isolation
High degrees of multi-tenancy over large numbers of platforms are needed for cloud computing to achieve the envisioned flexibility of on-demand provisioning of reliable services and the cost benefits and efficiencies due to economies of scale. It is important to note that applications deployed on guest VMs remain susceptible to attack and compromise.
Points for consideration:
- Hypervisor Complexity
- Attack Vectors

Data Protection
Data stored in the cloud typically resides in a shared environment collocated with data from other customers. Organizations moving sensitive and regulated data into the cloud, therefore, must account for the means by which access to the data is controlled and the data is kept secure.

Points for consideration:
- Data Isolation
- Data Sanitization
- Data Location

Availability
In simple terms, availability means that an organization has its full set of computing resources accessible and usable at all times. Availability can be affected temporarily or permanently, and a loss can be partial or complete. Denial of service attacks, equipment outages, and natural disasters are all threats to availability.
Points for consideration:
- Temporary Outages
- Prolonged and Permanent Outages
- Denial of Service
- Value Concentration

Conclusion

In emphasizing the cost and performance benefits of the cloud, some fundamental security problems have receded into the background and been left unresolved. Several critical pieces of technology, such as a solution for federated trust, are not yet fully realized, impinging on successful deployments. Determining the security of complex computer systems is also a long-standing security problem that overshadows large-scale computing in general. Security of the cloud infrastructure relies on trusted computing and cryptography. Organizational data must be protected in a manner consistent with policies, whether in the organization’s computing center or the cloud.