Security in the Cloud 

We will publish a series of blog posts on Cloud Security. This is the first blog post in the series.

One of the ‘security-as-a-service’ providers conducted a survey of their 2,200 customers about cyber-attacks. The results are startling: they reveal that cyber-attacks on cloud environments are increasing at an alarming rate as more and more enterprises move their data to the public cloud. According to the report, as enterprises transfer their data and processing activities to the cloud, traditional on-premises cyber-attacks have also moved to the cloud. The report highlights a 14 percentage point year-on-year increase in brute force attacks, while vulnerability scans on cloud setups have risen by 17 percentage points year-on-year. More info about the report can be found here.

 

Enterprises and businesses have always been reluctant to move away from traditional IT and adopt the cloud model. They have always been skeptical about data security, and their doubt about whether data is protected to the same level as in an on-premises setup is genuine.

 

This topic brings us to a very important point: who controls the data that is hosted in the cloud? Before the public cloud came into the picture, enterprise data was safe within the premises and IT could have complete control over it. Now, with the cloud, data is under organizational control, but it rests elsewhere physically and is managed by someone else.

 

Questions such as the following arise:

  • When some outside party controls and manages infrastructure and resources, how can an organization’s data remain private and secure?
  • How secure is my data when multiple tenants share the same infrastructure?
  • Is recycled disk space maintained properly? Is the existing data on it erased completely?
  • Can another tenant X read the disk blocks that contain my data once I release a virtual disk to tenant X?
  • What is the network exposure on the private subnet? Is the network segmented enough to ensure that my network is safe from spoofing?
  • Are there any standard guidelines for compliance and auditing?
  • How safe is my confidential data that deals with government and other influential bodies?
  • What are the issues with respect to customer / employee / individual privacy?

 

You can share your answers / ideas / solutions in the comment box.

We are waiting for your response…