Before we dive into cloud security, we need a brief look at cloud computing to better understand the challenges in cloud security. The whole IT industry is taking a leap towards the cloud, and cloud computing provides an inventive business model that lets industries adopt IT services without upfront cost. There are three types of cloud deployment models, which are listed below:
In a private cloud, the services and infrastructure are maintained on a private network. The goal of a private cloud is not to sell its services to end users but to gain the benefits of cloud architecture without giving up much control of its data centre, for various privacy reasons in many regions.
Being private in nature, private clouds can be expensive when you start to scale. This is why this model is not a fit for small or medium-sized businesses, and it is mostly large enterprises that deploy it. Private clouds are driven by concerns around security and compliance, and by keeping assets within the firewall. So, we can assume that it is secured and compliant with various cloud certificates.
A public cloud can be defined as one where services and infrastructure are offered off-site through the internet. Examples include Google Compute Engine, Amazon’s EC2 instances and the Azure service platform. It is a very economical deployment model because users don’t have to worry about hardware, CPU, architecture, etc. They just run the application in the cloud and serve it as Software as a Service.
It is based on a pay-per-use model, so it costs money whenever resources are in use and fall under a paid tier. It may not be a good fit for organizations that are data sensitive. It can also have other security challenges, such as security configuration limits, compliance limits and SLA-related issues.
In short, a hybrid cloud is the fusion of the private and public deployment models. There are many situations in which companies want to keep sensitive data or databases in a private cloud while keeping an internet-facing application open to the public using the public model.
We have seen the three cloud deployment models above. Now we will discuss the three major cloud computing service delivery models.
The following are the 3 major cloud service delivery models:
- Infrastructure as a Service (IaaS) – IaaS delivers infrastructure such as a virtual-machine disk image library, block and file-based storage, firewalls, load balancers, IP addresses, virtual local area networks, etc. E.g. DigitalOcean, Linode, Rackspace, Amazon Web Services (AWS), Cisco Metapod, Microsoft Azure.
- Platform as a Service (PaaS) – The PaaS service model delivers computing platforms, which usually contain an OS, a programming language execution environment, a DB and a web server. E.g. AWS Elastic Beanstalk, Microsoft Azure.
- Software as a Service (SaaS) – This service model offers access to application services installed on a server. E.g. Microsoft Office 365, Google Docs, Gmail.
Now we will look at the practical challenges in cloud security.
Secure your Hypervisor
One of the biggest challenges in cloud security is securing the virtual machine manager (the hypervisor), which is basically an interface permitting various operating systems to share a single piece of hardware. Hence it is very important to secure the hypervisor. Below are a few common methods used for attacking the hypervisor:
- VM Hijacking
- VM Hopping
- VM Escape
- VM Mobility
Be aware of Botnets
One of the fastest-growing threats among malware is botnets. As we know, cloud computing is basically nothing but numerous computers connected via the internet, which can be accessed anytime from anywhere. Hackers also capitalize on this feature of cloud computing and control some dangerous cloud platforms. These “dark” clouds are known as botnets, and they can manage millions of infected machines, which are called bots. With the help of these bots, hackers can easily degrade the business network.
Side Channel Attack
In internet security, a side-channel attack is defined as an attack based on information gained from the configuration and physical architecture of the computer or system. Because the cloud platform is shared between multiple users, there is a chance of a side-channel attack on a cloud platform.
CIA
Whether it is a cloud or an on-premise platform, one of the major concerns for stakeholders that needs to be addressed is the Confidentiality, Integrity and Availability of the data. To tackle this, data encryption can be a useful method. Data can be encrypted when it is stored as well as at the network level. Cryptographic key management provided by NIST can be used for the development of encryption methods.
We all know that cloud is the future of IT services and the industry. Cloud security, and the techniques to tackle those threats, will therefore be in great demand in the near future. We will cover as many cloud security topics as we can.