Before we dive into cloud security, we need a quick look at cloud computing to better understand the challenges in cloud security. The whole IT industry is taking a leap towards the cloud, and cloud computing provides an inventive business model that lets industries adopt IT services without an upfront cost. There are three types of cloud deployment models, which are described below:
In a private cloud, the services and infrastructure are maintained on a private network. The goal of a private cloud is not to sell its services to end-users but rather to gain the benefits of cloud architecture without giving up much control of its data center, for various privacy reasons in many regions.
Being private in nature, private clouds can be expensive when you start to scale. This is why this model is not a fit for small or medium-sized businesses, and it is mostly large enterprises that deploy it. Private clouds are driven by concerns around security and compliance and by keeping assets within the firewall, so we can assume that they are secured and compliant with various cloud certificates.
A public cloud can be defined as one where services and infrastructure are offered off-site over the internet. Examples include Google Compute Engine, Amazon's EC2 instances, and the Azure service platform. It is a very economical deployment model because users don't have to worry about hardware, CPU, architecture, etc. They just run the application using the cloud and serve it as Software as a Service.
It is based on a pay-per-use model, so costs are incurred whenever resources are in use and fall under a paid tier. It may not be a good fit for an organization that handles sensitive data. It can also bring other security challenges, such as security configuration limits, compliance limits, SLA-related issues, etc.
In short, a hybrid cloud is the fusion of the private and public deployment models. There are many situations in which companies want to keep sensitive data or a database in a private cloud while keeping an internet-facing application open to the public using the public model.
We have seen the three cloud deployment models above. Now we will discuss the three major cloud computing service delivery models.
Three major Cloud Services Delivery Models
- Infrastructure as a Service (IaaS) – IaaS delivers infrastructure such as a virtual-machine disk-image library, block and file-based storage, firewalls, load balancers, IP addresses, virtual local area networks, etc. E.g. DigitalOcean, Linode, Rackspace, Amazon Web Services (AWS), Cisco Metapod, Microsoft Azure.
- Platform as a Service (PaaS) – The PaaS service model delivers computing platforms that usually contain an OS, a programming language execution environment, a DB, and a web server. E.g. AWS Elastic Beanstalk, Microsoft Azure.
- Software as a Service (SaaS) – This service model offers access to application services installed on a server. E.g. Microsoft Office 365, Google Docs, Gmail.
Now we will look at the practical challenges in cloud security.
Secure your Hypervisor
One of the biggest challenges in cloud security is securing the virtual machine manager, which is basically an interface that permits various operating systems to share a single piece of hardware. Hence it is very important to secure the hypervisor. Common methods used for attacking the hypervisor are listed below.
- VM Hijacking
- VM Hopping
- VM Escape
- VM Mobility
Be aware of Botnets
One of the fastest-growing threats among malware is botnets. Cloud computing is basically numerous computers connected via the internet that can be accessed anytime from anywhere. Hackers also capitalize on this feature of cloud computing and control some dangerous cloud platforms. These "dark" clouds are known as botnets, and they can manage millions of infected machines, which are called bots. With the help of these bots, hackers can easily degrade a business network.
Side Channel Attack
In internet security, a side-channel attack is defined as an attack based on information gained from the configuration and physical architecture of a computer or system. Because a cloud platform is shared between multiple users, there is a chance of a side-channel attack on a cloud platform.
CIA – Whether the platform is cloud or on-premise, one of the major concerns for stakeholders that needs to be addressed is the confidentiality, integrity, and availability of the data. To tackle this, data encryption can be a useful method. Data can be encrypted when it is stored as well as at the network level. Cryptographic key management provided by NIST can be used for the development of encryption methods.
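An added example, not from the original article: envelope encryption with AES-256-GCM in Node.js, one common way to apply the encryption of stored data and the key management described above, covering confidentiality and integrity together. The function names, the object ID and the sample record are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

// seal: AES-256-GCM. Returns nonce(12) || tag(16) || ciphertext; aad is authenticated only.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12); // fresh nonce per encryption, never reused with a key
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// open: verifies the tag and decrypts; throws if blob, key or aad does not match.
function open(key, blob, aad) {
  if (blob.length < 28) throw new Error("truncated blob");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  decipher.setAAD(aad);
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Envelope encryption: each object gets its own data key, which is itself stored
// only in wrapped form under a key-encryption key (KEK). The object ID is bound
// as AAD so a ciphertext cannot be silently moved to another object.
function encryptObject(kek, data, objectId) {
  const aad = Buffer.from(objectId);
  const dataKey = crypto.randomBytes(32);
  return { wrappedKey: seal(kek, dataKey, aad), ciphertext: seal(dataKey, data, aad) };
}

function decryptObject(kek, stored, objectId) {
  const aad = Buffer.from(objectId);
  const dataKey = open(kek, stored.wrappedKey, aad);
  return open(dataKey, stored.ciphertext, aad);
}

// Constructed demo values; a real KEK would be held in a KMS or HSM, not next to the data.
const demoKek = crypto.randomBytes(32);
const demoId = "bucket/records/0001";
const demoStored = encryptObject(demoKek, Buffer.from("constructed sample record"), demoId);
console.log(decryptObject(demoKek, demoStored, demoId).toString());
```

Only the wrapped key and the ciphertext are written to storage, so rotating the KEK means re-wrapping the small data keys rather than re-encrypting every object.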
The cloud is the future of IT services and the industry. Therefore cloud security, along with the techniques to tackle those threats, will be in great demand in the near future. We will cover as many cloud security topics as we can.
Rakesh is a Solution Architect with 11 years of experience in the banking domain, designing enterprise-level applications on Microsoft technologies. He has strong experience working with Azure, SharePoint, PowerApps & Flow.
Apart from technology, I like to play badminton.