Friday, April 7, 2017

Security and the cloud

Security issues associated with the cloud[edit]

Cloud computing and storage provides users with capabilities to store and process their data in third-party data centers.[1] Organizations use the cloud in a variety of different service models (with acronyms such as SaaSPaaS, and IaaS) and deployment models (privatepublichybrid, and community).[2] Security concerns associated with cloud computing fall into two broad categories: security issues faced by cloud providers (organizations providing software-platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud).[3] The responsibility is shared, however. The provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures.
When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. According to a recent Cloud Security Alliance Report, insider attacks are the sixth biggest threat in cloud computing.[4]Therefore, Cloud Service providers must ensure that thorough background checks are conducted for employees who have physical access to the servers in the data center. Additionally, data centers must be frequently monitored for suspicious activity.
In order to conserve resources, cut costs, and maintain efficiency, Cloud Service Providers often store more than one customer's data on the same server. As a result, there is a chance that one user's private data can be viewed by other users (possibly even competitors). To handle such sensitive situations, cloud service providers should ensure proper data isolation and logical storage segregation.[2]
The extensive use of virtualization in implementing cloud infrastructure brings unique security concerns for customers or tenants of a public cloud service.[5] Virtualization alters the relationship between the OS and underlying hardware - be it computing, storage or even networking. This introduces an additional layer - virtualization - that itself must be properly configured, managed and secured.[6] Specific concerns include the potential to compromise the virtualization software, or "hypervisor". While these concerns are largely theoretical, they do exist.[7] For example, a breach in the administrator workstation with the management software of the virtualization software can cause the whole datacenter to go down or be reconfigured to an attacker's liking.

I personally am a little cautious about the cloud but the use of it is so strong today that security issues might arise. Most of us smaller companies probably are not targets of hackers in the cloud but those big boys certainly are. Let us take that if yo could get .01 from every bank in the world how rich would you be? Think about it would a bank even know or care? So this is a potential problem if your company was hacked in the cloud and maybe lost just a few dollars, just a few would you even know?  Well enough of that more to come, just be vigilant.

Joe Rossini

No comments: