Many businesses hold off on embracing the cloud, citing concerns about how secure the service is, even when their bottom lines could benefit from all the other great things the cloud provides. But is the cloud as secure as traditional IT solutions? Or is the question of security simply the wrong one to be asking?
So is the cloud more secure?
Simply put, it can be! Some clouds are inherently more secure than others. This is determined by key infrastructure decisions.
How the networking is done: does your cloud use segregated VLANs for every customer, or are all customers in a single broadcast domain? If you’re looking for greater security, you want to be in your own VLAN.
Firewall considerations: One of the key decisions, which comes down to common sense more than anything else, is how the firewall architecture is laid out. Are your cloud machines directly exposed to the internet, or are they behind a firewall? Do you run additional firewalls inside the machine? Where security is concerned, every layer helps.
What makes a cloud not secure?
It’s always easier as a cloud provider to boast about how a cloud is secure. It’s equally important as the consumer, however, to understand the architecture of the system to determine whether the level of security your business needs is properly accommodated. Some things to look out for are flaws in the hypervisor. Certain inconsistencies can lead to people on the same physical machine potentially escalating their own privileges to the hypervisor to gain access to running memory. It’s possible in some hypervisor versions to escalate privileges so a user can start reading from the memory space and analyzing what other users on the same hypervisor are doing – effectively compromising the integrity and security of the shared cloud.
Another security issue occurs with publishing your own templates, or using other published templates. It’s important that when a template is made publicly available, all confidential information is removed prior to pushing it public. There was a rash of templates being put out for public use with private account information and other data still accessible on Amazon not too long ago. Some of it was accidental publishing, while some of it was publishing the templates so others could use them without sanitizing data. Either way, ensuring that any shared material is scrubbed is an easy way to ensure data security.
The converse to accidentally publishing confidential information in your own templates is using templates that have blatant security violations. When someone creates a template, they can install a rootkit on it. When the template is published and consumed, the maker then has access to all the systems using that template. It all comes down to trust. Only use templates from trusted or vetted sources.
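One way to check a template before publishing it, shown as an added example that is not from the original article: the script walks an image's filesystem mounted at a directory and flags leftover credential files and key material. The function names, the suffix list and the two content patterns are illustrative assumptions, and the sample tree is constructed.

```python
import os
import re
import tempfile

# Illustrative (assumed) lists: risky path suffixes, PEM keys, AWS-style key IDs.
RISKY_SUFFIXES = (".ssh/authorized_keys", ".bash_history", ".aws/credentials")
RISKY_CONTENT = {
    "private key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "AWS access key id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
}

def audit_template(root, max_bytes=1_000_000):
    """Return sorted (relative_path, reason) findings under a mounted image root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            if rel.endswith(RISKY_SUFFIXES) and os.path.getsize(full) > 0:
                findings.add((rel, "non-empty credential/history file"))
            try:
                with open(full, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: nothing to scan
            findings.update((rel, why) for why, rx in RISKY_CONTENT.items() if rx.search(data))
    return sorted(findings)

def build_sample_image(root):
    """Constructed sample tree standing in for a mounted template filesystem."""
    samples = {
        "root/.ssh/authorized_keys": "ssh-ed25519 AAAAC3constructed builder@example\n",
        "root/.bash_history": "",  # already truncated: should not be flagged
        "home/app/.aws/credentials": "aws_access_key_id = AKIA" + "X" * 16 + "\n",
        "etc/ssl/private/site.key": "-----BEGIN RSA PRIVATE KEY-----\nconstructed\n",
    }
    for rel, text in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_image(tmp)
        print(*audit_template(tmp), sep="\n")
```

An empty result only means none of these particular markers were found; it does not show the image is free of other confidential data.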
What makes the cloud more secure?
Common sense and adherence to traditional best practices account for the highest security a company can rely on within the cloud, or in any IT context for that matter. A few best practices include:
- Harden your operating system
- Ensure network segregation
- Don’t use resources from untrustworthy sources
- Keep a watchful eye on monitoring: audit your logs, always looking for unauthorized access
These are all things that often go undone in the cloud because people are moving so quickly that they let these standard best practices fall by the wayside. Your cloud can be secure if you approach it with common sense and a good eye towards best practices. Make sure that you have open lines of communication with your cloud provider so that they are aware of your security needs and both of you can ensure that the protocols and practices to maximize security are constantly being adhered to.