New Big Data Taxonomy Report by Cloud Security Alliance

Sep 20, 2014

Cloud Security Alliance Releases New Big Data Taxonomy Report

Working Group Issues Comprehensive Report to Aid Understanding and Decision Making in Big Data Technology

SAN JOSE, Calif., Sept. 18, 2014 /PRNewswire-USNewswire/ — CSA Congress 2014 – The Cloud Security Alliance (CSA) Big Data Working Group today released the Big Data Taxonomy Report, a new guidance report that aims to help decision makers understand and navigate the myriad choices within the big data designation, including data domains, compute and storage infrastructures, data analytics, visualization, security and privacy.

Every day, 2.5 quintillion bytes of data are created –  90% of the data in the world today has been created in the last two years alone. The issues of storing, computing, security, privacy and analytics are all magnified by the velocity, volume, and variety of big data, such as large-scale cloud infrastructures, diversity of data sources and formats, streaming nature of data acquisition and high volume inter-cloud migration.

Big data infrastructure and methodology continue to evolve at a fast pace, but the underlying technologies were, in many cases, invented many years ago. In an effort to help IT decision makers make better, more informed choices associated with these technologies, the CSA Big Data Working Group has created a 40-page guidance report that outlines the six dimensions that arise from the key aspects needed to establish a big data infrastructure. The big data taxonomy includes data domains, compute infrastructure, storage infrastructure, analytics, visualization, security and privacy.

“All ‘data’ is not equivalent, yet we often find users treating all data components similarly, as they are uncertain as to how to address issues such as latency, or structured versus unstructured data,” said Sreeranga Rajan, chair of the Big Data Working Group. “We hope this report brings clarity to the big data taxonomy, and provides much needed education to help users make better decisions in their own environments.”

In the report, each domain is categorized according to how data arises to help decision makers understand the infrastructure choices and requirements for particular types of data. The report also addresses each particular domain in which data arises, to help organizations determine the types of architecture that will be required to store it, process it, and perform analytics on it.

Rajan goes on to add, “The greatly increased digitization of human activity and machine-to-machine communications, combined with large-scale, inexpensive hardware, is making practical many previously academic ideas of parallel and distributed computing, along with new considerations necessary to make them even more useful in real world applications.”

The Big Data Taxonomy Report is a result of the CSA Big Data working group, chaired by Sreeranga Rajan of Fujitsu, and co-chaired by Neel Sundaresan of eBay and Wilco van Ginkel of Verizon.

To access the report visit Individuals interested in becoming part of the working group can visit

Cloud Security Alliance Congresses continue to be the industry’s premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering best practices and practical solutions for remaining secure in the cloud, CSA Congresses give attendees exposure to industry-specific case studies that will help them learn and leverage best practices used by their peers in moving to a secure cloud.

About the Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at, and follow us on Twitter @cloudsa.

SOURCE Cloud Security Alliance


Cloud Security Alliance Releases SDP Framework Details

Dec 06, 2013

Cloud Security Alliance Releases Software Defined Perimeter (SDP) Framework Details

New White Paper Outlines Best Practices to Deploy an SDP to Protect Application Infrastructure from Network-based Attacks

ORLANDO, Fla., Dec. 5, 2013 /PRNewswire-USNewswire/ – CSA Congress 2013 – The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing security assurance within cloud computing, today announced the release of the Software Defined Perimeter Report, a new white paper report that explains the Software Defined Perimeter (SDP) security framework and how it can be deployed to protect application infrastructures from network-based attacks. Bob Flores, former CTO of the Central Intelligence Agency (CIA), will unveil further details of the SDP initiative at a fireside chat keynote this afternoon, at 4:00 pm ET, hosted by CSA Executive Director Jim Reavis.


The Software Defined Perimeter (SDP) Initiative is a new CSA project aimed at developing an architecture for securing the “Internet of Things” by using the cloud to create highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.  By incorporating security standards from organizations such as NIST as well as security concepts from organizations such as the U.S. Department of Defense (DoD), the SDP works to mitigate network-based attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated and authorized.   The initiative is being led by Flores, former CTO of the CIA and President & CEO at Applicology Incorporated and Junaid Islam, founder and CTO of Vidder Technology.

“This paper is the first step in providing enterprises with a high-level approach to understanding how to best protect their application infrastructure from network-based attacks,” said Islam.  “The traditional perimeter model has rapidly become obsolete and the growth of devices moving inside the perimeter along with the migration of application resources to outside the perimeter has stretched the traditional security model.  A new approach is needed that enables application owners to protect infrastructure wherever it may be.”

The white paper includes details on the Software Defined Perimeter (SDP) architecture, its implementation and applications, and its relationship to certain industry standards and protocols. The report also addresses the working group’s scope, purpose and deliverables.  The Software Defined Perimeter (SDP) is a collaboration between some of the world’s largest users of cloud computing within CSA’s Enterprise User Council.  It is being designed to be highly complementary to Software Defined Networks (SDN), the popular network layer construct which decouples routing and architectural decisions from the underlying equipment to create virtual networks.

Detailed information about CSA’s Software Defined Perimeter (SDP) initiative and a prototype demonstration will also be delivered at the CSA Congress Architecture Workshop being held on December 6, 2013 from 9:00 am – 5:00 pm in Orlando, Florida.

SOURCE Cloud Security Alliance

Cloud Security 2013: Companies and Solutions

Nov 19, 2013

NEW YORK, Nov. 18, 2013 /PRNewswire/ — announces that a new market research report is available in its catalogue:

Cloud Security 2013: Companies and Solutions


Cloud security is the set of security protocols and technologies that protect the cloud resources and the integrity of data stored in a cloud computing environment. Cloud security differs from traditional computer security in that it is not focused on preventing access to specific machines.

This report provides information about cloud computing environment including types of cloud computing models, challenges facing cloud computing, best practices for cloud security, and analysis of key players in cloud security industry. The report provides an overview of key security components of popular cloud security solutions including architecture and capabilities. The report also provides a market outlook and view into the future of cloud security.

Report Benefits: 

Understand the basics of cloud computing
Evaluation of cloud security companies and their solutions
Identify key practices of cloud security vendors and customers
Understand cloud computing environment, benefits and challenges
Identify the evolution of cloud to content, applications, content, and communications
Understand cloud security solutions including components, architecture and capabilities

Target Audience:

Telecom service providers
Security solutions providers
Content and application providers
Datacenter and hosting companies
Cloud services (SaaS, IaaS, PaaS) companies
Companies involved with SDN and virtualization

Companies in Report: 

Storage-as-a-service
Database-as-a-service
Information-as-a-service
Business-Process-as-a-Service
Application-as-a-service
Platform-as-a-service
Integration-as-a-service
Security-as-a-service
Management-as-a-service
Testing-as-a-service
Infrastructure-as-a-service
Expand scalability
Lower infrastructure costs
Increase utilization
Improve end-user productivity
Improve reliability
Increase security
Saving Effort for IT Tasks
Gain access to more sophisticated applications
Save energy
Isolation of networks
Isolation of management networks
Isolation of customer data networks
Secure customer access to cloud-based resources
Secure, consistent backups and restoration of cloud-based resources
Strong authentication, authorization and auditing mechanisms
A library of secure and up-to-date templates of base OS and applications
Follow standard best practices for securing operating systems
Encrypt critical data
Barracuda Web Security
Cloud Security Solution – InstantOn
Cisco Cloud Security Solution
Citrix Cloud infrastructure solutions
Expedient cloud computing solutions
HyTrust Appliance
McAfee Cloud Security Platform
OpSource Cloud Hosting
Cloud Computing
Beyond Computing: Content, Apps, Commerce, and Communications
Content
Applications
Commerce
Communications
Cloud Solution types
Private Clouds
Community Clouds
Public Cloud
Hybrid Cloud
General Security Concerns in the Cloud
DoS Attack
Bounce Attack
Personalization
Media specific Attack
Malicious Code Injection
Case Examples: Security Applications and Content as a Service
App Store Security
Security Management:
Identification management
Authentication and Authorization
Individual Privacy:
Data storage

To order this report: Cloud Security 2013: Companies and Solutions

Contact Clare:
US: (339)-368-6001
Intl: +1 339-368-6001


SOURCE Reportlinker


Steps to Safe Cloud Services Adoption

Aug 14, 2013

Author: skyhighnetworks

Enterprise cloud SaaS and IaaS are an unstoppable force sweeping through organizations large and small at a breakneck pace. The rapid adoption has allowed anyone in an organization with a Web browser and an Internet connection to take over (and pay for) traditional IT department functions such as email, storage and backup, and collaboration tools. As a result of this rapid shift, IT consultancy Gartner estimates that by 2015, 35% of IT spending will come from budgets outside of the IT department. That figure will grow to 90% by the end of the decade.

The benefits of these fast-growing cloud services are undeniable and include service agility; wider choice of products; ease of collaboration; fast, cheap deployment; and swapping fixed capital expenditures for variable operating costs that can be ratcheted up or down to meet demand. While enterprises have long leveraged traditional cloud services such as and Office 365, employees increasingly use popular but lesser known services, such as Evernote (social bookmarking and document sharing) and Prezi (online presentation tools). They also log into SaaS services while at work for personal needs including photo sharing (Instagram) and social media (Twitter). To quickly build and test applications, developers at enterprises rely on cloud IaaS products such as Amazon Web Services, Rackspace and Heroku. From developers to marketers to salespeople, employees are accessing and using these cloud services with or without their IT department’s permission or knowledge.

Few, if any, CIOs know exactly how many services are in use on their networks, let alone which services are in use. According to a Jan. 2013 survey undertaken by Symantec[2], 77% of businesses have suffered rogue cloud deployments or unauthorized uses of cloud services. This lack of information means that IT organizations have no way to secure their networks against risky services or manage and mandate safe cloud service use by employees. IT organizations also struggle to maintain cost control over cloud services and to unify cloud service usage under more economical enterprise-wide contracts.

Some of the world’s largest financial, health care and technology enterprises have successfully deployed Skyhigh Networks’ Cloud Services Manager product suite to leverage the benefits of cloud services and manage employee usage while minimizing the security risks and controlling costs.

Gain Visibility

The first step towards controlling cloud service usage and minimizing cloud services risk is to gain complete visibility into which services employees are already using. This is no simple task. Estimates of the total number of cloud services functioning right now range from ~2000 to over 5,000. New cloud services emerge every day. Any new application coming onto the market has a significant cloud component for backup and synchronization, at a minimum. It is also important to understand the breadth of the cloud services universe. For example, if an employee visits a popular industry blog and writes a comment, chances are that the employee has registered and then logged into Disqus, the most popular blog commenting platform. Disqus is actually a cloud service. An employee working on an open source software project probably uses the GitHub repository system to store source code. This is another major cloud service that flies under the radar.  Popularity of cloud services varies significantly by region and by platform. While DropBox is a popular sharing platform in the U.S., in Eastern Europe a service called 4Share is far more popular. For these reasons, establishing a solid cloud services policy and management strategy requires complete visibility and understanding of cloud service usage.

The only way to attain this visibility is through detailed log-file analysis, mapping the services accessed back to business units and individual users. Initially, this is a ‘snapshot’ that provides a baseline of cloud services accessed by employees. Log-file analysis alone is not sufficient. The analysis must be pushed into a simple-to-consume dashboard that allows lesser trained IT administrators to view a list of all services running and key details about those services (type of service, location of physical servers, potential risks of service, etc.). For any cloud services management strategy to remain effective over extended periods, the snapshotting process must be moved towards a regular discovery period, done weekly, daily, hourly or even in real time. This is essential because the cloud services landscape is evolving very quickly and a log-file analysis has a very short half-life, in terms of the services accessed, the risk profiles of the specific services and even service details (ports accessed, types of service calls, communications protocols used).

Gain Service Insight and Analysis

The second step towards putting in place a strong cloud services management strategy is gaining insights into which services present the most risks. This is possible and relatively simple once an IT organization has obtained full discovery of all services in use. At that point, the IT security team should bucket the services into broad categories in order to compare similar services and perform comparative risk analyses. For example, employees in one unit may be using while those in another use Google Drive while those in another use SugarSync and 4Share. may present a very low risk while 4Shared is a very high risk. SugarSync, in comparison may be an acceptable risk. Once those risk assessments are completed, IT and cloud security services managers should identify the services with the lowest risk in a category and consider establishing a commercial relationship with the provider. With or without such a relationship, the IT security team can promote the lesser risk services across your employee pool while discouraging or blocking the use of higher risk services in the same category.  Just like the log-file analysis and visibility exercises, cloud services risk assessment is a continuous activity that may require temporary halts or lockdowns on specific services. For example, the recent password breach at Evernote increased risk of that service until the breach was addressed.[3] Enterprises using Evernote should have reassessed their Evernote usage to minimize their risk exposure.

About the Author

By sequentially following the methodology explained in this article, CIOs can quickly gain control of their cloud services exposure. More importantly, CIOs can transform their role inside the organization from that of a naysayer to a business enabler and an inclusive contributor to improved business operations via smarter cloud services usage and proactive cloud service selection. A well-executed cloud services strategy, used in conjunction with specialized tools such as Skyhigh Networks’ Cloud Security Manager, can deliver significant business benefits while actually improving enterprise IT security through full transparency and visibility. For more details visit

How to protect encrypt data and avoid data loss prevention on cloud

Aug 14, 2013

Author: skyhighnetworks

Detect and remediate policy inconsistencies

Policy inconsistencies can occur in two ways. In the first type of inconsistency, there is a high-risk service that is allowed, while another, lower risk service is blocked. In this instance, make a policy decision to block both, allow both, or allow only the lower risk service. All three options would eliminate the inconsistency, but you will need to determine which option makes the most sense for your business.

The second type of inconsistency occurs when a service is partially blocked. Sometimes there is a legitimate reason for this type of inconsistency (e.g. Marketing needs access to Facebook but other departments do not). More often than not, this type of inconsistency occurs because the infrastructure cannot keep up with the velocity of new cloud services being introduced and used by employees, and therefore many services fall in the unclassified category. Using a cloud service management product that has an extensive registry of services and automatically visualizes allowed vs. denied traffic will make identifying both types of inconsistencies simple and will allow you to easily monitor progress resolving the inconsistencies.
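
One way to surface both types of inconsistency, and the unclassified services, from proxy logs. This is an added example, not code from the original article or from any Skyhigh Networks product; the log format, service registry, domains and risk scores are all constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

# Hypothetical service registry: domain -> (service, category, risk 1-10).
# Names and scores are constructed for illustration only.
REGISTRY = {
    "files.lowrisk.example": ("LowRiskShare", "file-sharing", 2),
    "files.midrisk.example": ("MidRiskShare", "file-sharing", 5),
    "files.highrisk.example": ("HighRiskShare", "file-sharing", 9),
    "social.example": ("SocialSite", "social-media", 4),
}

# Constructed proxy log: timestamp, user, department, domain, action.
SAMPLE_LOG = """\
2013-08-14T09:00:01 alice marketing social.example ALLOW
2013-08-14T09:00:05 bob engineering social.example DENY
2013-08-14T09:01:10 carol finance files.lowrisk.example DENY
2013-08-14T09:01:30 dave finance files.lowrisk.example DENY
2013-08-14T09:02:00 erin engineering files.highrisk.example ALLOW
2013-08-14T09:02:20 bob engineering files.midrisk.example ALLOW
2013-08-14T09:03:00 alice marketing newtool.example ALLOW
not a log line
"""


class Usage(NamedTuple):
    service: str
    category: str
    risk: int
    allowed_depts: frozenset
    denied_depts: frozenset


def parse(log_text):
    """Yield (department, domain, action) per well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[4] in ("ALLOW", "DENY"):
            yield parts[2], parts[3].lower(), parts[4]


def summarize(log_text, registry=REGISTRY):
    """Return ({service: Usage}, sorted list of unclassified domains)."""
    allowed, denied, unknown = defaultdict(set), defaultdict(set), set()
    for dept, domain, action in parse(log_text):
        if domain not in registry:
            unknown.add(domain)  # not in the registry: needs classification
            continue
        (allowed if action == "ALLOW" else denied)[domain].add(dept)
    usage = {}
    for domain in set(allowed) | set(denied):
        name, category, risk = registry[domain]
        usage[name] = Usage(name, category, risk,
                            frozenset(allowed[domain]), frozenset(denied[domain]))
    return usage, sorted(unknown)


def risk_inversions(usage):
    """Type 1: a higher-risk service is allowed while a lower-risk service
    in the same category is blocked for everyone who tried it."""
    found = []
    for hi in usage.values():
        for lo in usage.values():
            if (hi.category == lo.category and hi.risk > lo.risk
                    and hi.allowed_depts and not lo.allowed_depts):
                found.append((hi.service, lo.service))
    return sorted(found)


def partial_blocks(usage):
    """Type 2: the same service is allowed for some traffic and denied for
    other traffic; report which departments fall on each side."""
    return {
        u.service: {"allowed": sorted(u.allowed_depts),
                    "denied": sorted(u.denied_depts)}
        for u in usage.values()
        if u.allowed_depts and u.denied_depts
    }


if __name__ == "__main__":
    usage, unknown = summarize(SAMPLE_LOG)
    print("Risk inversions (allowed, blocked):", risk_inversions(usage))
    print("Partially blocked:", partial_blocks(usage))
    print("Unclassified domains:", unknown)
```

A partial block that lines up with a single department, as in the sample, is the kind that may have a legitimate reason; the per-department breakdown is what lets a reviewer tell that apart from policy drift.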

Search for anomalies in user behaviour

When working to reduce the risk of cloud services, much attention is paid to the risk profile of the cloud services themselves.  However, often times perfectly safe and secure cloud services can be the source of a data leak if an internal employee is acting maliciously.  Unfortunately, no proxy, firewall, or SIEM can alert the organization of malicious use of a legitimate service.  So, the best practice is to leverage a cloud services management product that has the ability to identify usage anomalies that are indicative of malicious behaviour.

Conduct investigations into anomalous behaviours

While a cloud service anomaly, such as the Twitter example mentioned above, is a very good indicator of malicious behaviour, an investigation must be conducted in order to determine the context and intent of the anomalous behaviour. For example, the user associated with the IP address that had 1M tweets may have simply contracted malware that had seized her Twitter account, or she could have been intentionally leaking confidential data. In most cases, the best practice is to look for a legitimate business use case, compare the user's activity to benchmarks, and then contact the line of business manager and corporate security to alert them of the issue, monitor the user's activity, and intervene if needed.

Encrypt data going to key services

It is prudent to add another layer of security to the most critical cloud services in your organization. The first step is to identify services that are enterprise-critical, blessed, and procured, such as Salesforce, Box, Office365, and Google. Access to those services should require employees to use their corporate identity and then access your enterprise’s account at the service. For example, their traffic would go to, rather than directly to   This means that you can then control who has access to the account, and what happens to the data sent to this service.

The best practice is to leverage a reverse proxy to encrypt data sent to these services with your enterprise managed encryption keys.  In doing so, you guarantee that even if the provider is compromised, your data will not be.  Finally, you will need to ensure that your control is enforced for on-premise to cloud accesses and for mobile to cloud access.  This should be done without requiring the traffic from those devices to be back-hauled (through a VPN) into your enterprise edge first to avoid introducing user friction.

Doing this will provide 2 distinct advantages.  The first obvious advantage is that even if the service is compromised, your data will not be because you hold the encryption keys.  The second advantage is that in this era of limited data privacy, this encryption guards against a blind government subpoena.  Microsoft, Google, and Box, for example, often receive subpoenas from the government asking for information for a particular company, with a gag order prohibiting them from alerting that company.  By encrypting the data that lives within the cloud, the company can ensure that it is notified of any investigation, as it will need to provide the encryption keys to government investigators.

Implement Data Loss Prevention (DLP) guidelines to avoid compliance risk

Any enterprise that utilizes cloud services should be careful about sending confidential data to the cloud, but if you work in a regulated industry, such as healthcare or financial services, you must be extra vigilant. Within a regulated industry, sending confidential client information to the cloud can result in a serious compliance violation that would damage the reputation of the company and result in serious financial penalties. Specifically, healthcare companies must comply with HIPAA regulations, banks and financial institutions must comply with PCI guidelines and almost every company must comply with SOX regulations. Any company using the cloud must have a DLP strategy in order to comply with these regulations.

Proxies and firewalls cannot protect against the incidental transmission of personal information, so your cloud data security management product should be able to provide DLP functionality to help prevent sending confidential client information to the cloud.

Track progress regularly

Managing the risk of cloud services is not a point in time exercise.  You will need to continually monitor the use of cloud services since new services hit the market daily and your employees will constantly seek the latest tools to help them do their jobs.  In order to drive a successful and quantifiable risk management program you will need to determine which metrics to track and develop a methodology for gathering the data on a regular basis.

About the Author

This article has been brought to you by the Skyhigh Networks cloud visibility and control company. Your cloud data security management product should provide DLP functionality to help prevent sending confidential client information to the cloud. For more information on Cloud Security services, call Skyhigh Networks experts at 1.866.727.8383, or visit

Security Challenges Faced by Cloud Hosting – Handling Data

Apr 15, 2013

By Stuart P Mitchell

The final part of this article looks at how and where data is stored or handled and the issues that arise in cloud computing through the process of creating multiple instances of data across multiple server platforms. Cloud computing relies on this mechanism for many of its key benefits but, by doing so, invites further challenges for data security.

Data Protection

Data collection and storage is usually bound by legislation or regulation which varies depending on the jurisdiction under which a service falls. Most prominent regulations, however (e.g., those in the US and Europe) share certain principles in common that demand, for example, that data is collected with the subject’s permission, with their full understanding of what the data will be used for, only if the data is relevant to the stated purpose, only for that stated purpose, with transparency and with accountability. For the subject of the data this should mean that they consent to the service provider collecting data relating to them, they know what data that is, who has access to it and why, as well as how to access it themselves if they want to.

It is therefore paramount for IT service providers, who have stewardship of any data, that they are able to identify where data is stored within those services that they provide, how to access it and whether it is secure. However, the abstraction of cloud services in particular can cause challenges for those who utilise them to store or process data because they cannot necessarily guarantee where this data is at any given time. The physical location and guardianship can be obscured, with data hosting sometimes crossing different sites, geographical boundaries and even jurisdictions.

In such cases where private information is involved, the answer often lies with private clouds employing on-site hosting as mentioned in earlier parts of this article, but there is often a trade off with some of the other benefits of cloud which are discussed below.

Multiple Data Instances

Two of cloud computing’s biggest selling points are redundancy and scalability. These are often achieved by utilising multiple servers to provide the underlying computing resource, with, therefore, the data within a cloud service being ultimately stored across these numerous servers. Moreover, cloud structures will also create multiple instances of data across these servers to provide a further layer of redundancy protection. However, the more servers that data is shared across, the greater the risk that this data may be susceptible to security vulnerabilities on one of those servers (e.g., malware, hacks); whilst the more instances there are of a piece of data, the greater the risk (by definition) that that data may be accessed and used by unauthorised users. Essentially, data in one place needs to be protected once; data stored in 100 places will need to be protected 100 times.

What’s more, as each server and platform is likely to be shared, particularly in the public cloud model, each data instance may be subject to another security threat introduced, inadvertently or otherwise, by the 3rd party users who share the resources. In a private cloud, however, this threat is reduced as the cloud resource exists behind the one organisation’s firewall and fewer instances of the data are created in the first place (fewer servers to pool). Consequently there is always a degree of trade off between introducing security risk and the level of redundancy and scalability built into a system (although of course redundancy can prevent data loss in itself). Private clouds may be more secure but, with a smaller pool of resource, they cannot match the levels of redundancy and scalability offered by the vast capacities of public clouds.

© Stuart Mitchell 2013

To find out more about overcoming the security challenges faced by cloud hosting you can visit this blog on cloud hosting and IaaS.

Security Challenges Faced by Cloud Hosting – Building in Security

Apr 15, 2013

By Stuart P Mitchell

As mentioned in part one of this article there are multiple stages at which information stored through cloud hosting platforms must be protected against data loss and unauthorised access. The first step is to secure the physical elements of a cloud hosting platform as described, however, the additional steps involve architectural and software based security measures to protect not only the platforms on which the data is stored, but also the data in transit and the subsequent points of access that allow valid users to interact with the data.

Public Cloud Models

Cloud offerings, including cloud hosting, can be broadly categorised, in terms of the way they are deployed (regardless of whether they are Infrastructure, Platform or Software as a Service), as either being Public Cloud, Private Cloud or Hybrid Cloud (a combination of the two). Much of the distinction between public and private clouds revolves around levels of security and privacy rather than technical specifications. As the name suggests, public clouds use points of access which are accessible on public networks (e.g., the internet), public networks to transfer information and shared clustered cloud servers to store information. Essentially anyone can ‘knock on the door’ of the cloud service, attempt to intercept its information in transit and potentially share its server resources. The services should, of course, be protected by end point authentication, data encryption and anti-virus/firewall measures on the server platform to keep data secure, but they are exposed to ‘attack’ at almost every point in their architecture. It is therefore important that consumers of such services are aware of what risks each service carries and what the provider puts in place to safeguard their customers’ data.

Private Cloud

Organisations dealing with highly sensitive data, however, may demand more restrictions on who can attempt to access the cloud service, the networks it utilises and the sharing of cloud servers. In particular, some organisations will be governed by regulation which demands that they retain control of data for which they are ultimately responsible.

Private clouds may employ differing architectures, but they are defined by providing the aforementioned security measures. Servers can be located on an organisation’s own premises or within a data centre facility but they will be ringfenced for the use of that sole client; whether it be with physical hardware separation or virtualised separation between server clusters, an organisation’s cloud platform will be behind their own firewall. What’s more, to protect data in transit, and to prevent untrusted users from accessing the cloud, private clouds can again use either physical or virtualised separation from public shared networks. For example, an organisation can utilise local area network (LAN) connections to access a cloud which is hosted on internal on-site servers, or a physically distinct leased line when connecting to servers in a remote location. Alternatively, technologies such as MPLS (Multiprotocol Label Switching) can be used to provide organisations with trusted network connections, controlled by individual providers, across public network infrastructure. The latter can provide more flexibility and allow the organisation to benefit to a greater extent from the scalability that cloud hosting providers can provide.

Hybrid Cloud

A hybrid cloud combines elements of public and private clouds and so can provide the security that organizations require for their sensitive and private data whilst allowing them to access cost efficient scalability in the public cloud for their non-sensitive operations. For example, an organization may store all of their protected client data in systems and databases hosted on site in a private cloud as required by regulation but pull computing resource from a public cloud for their brochureware website’s hosting platform.

Data Centre Expertise

The previous part of this article mentioned the benefits of a data center location in terms of the physical maintenance of servers preventing data loss. Similarly it is worth noting that both public clouds and private clouds which utilise a third party data center location for their server hosting (whilst introducing vulnerabilities in data transfer) can benefit from on-site expertise in the maintenance of software and anti-virus measures, including for example patching, to optimise both the preservation and security of data.

© Stuart Mitchell 2013

To find out more about overcoming the security challenges faced by cloud hosting you can visit this cloud hosting blog.

Article Source:—Building-in-Security&id=7620448

Security Challenges Faced by Cloud Hosting – Physical Security

Apr 15, 2013

By Stuart P Mitchell

The following three posts explore the topic of cloud hosting and the challenges it faces in providing secure data environments for enterprise consumers. In addition, it discusses the measures taken to combat these challenges, whether they be physical risks to hosting platforms or cybercrime.

The Need for Secure Data

The concept of security in all aspects of computing can be said to fall into two areas, the preservation of data and the control of data. The first of these concerns is the ability to ensure that data is not lost or corrupted, whether it be sensitive (i.e., private) or not. Data preservation may be essential for the effective operations of a business, for example, to be able to contact suppliers/clients or monitor and analyse business performance (business intelligence). In many cases firms are required to preserve data for periods of time by regulatory bodies in order to provide audit trails on their activities and where data is deemed personal, sensitive or private in relation to customers, suppliers or employees, firms will also be required by data protection laws to maintain that data.

The second issue pertains to the risk of sensitive data being seen by those who should not have access to it. Again data protection laws govern firms when it comes to only obtaining personal data with an individual’s permission and then ensuring that they control who has access, restricting unwarranted access. In addition however, firms will invariably want to keep their own business operations private as well to prevent competitors gaining an advantage on them.

All IT infrastructure needs to confront these security issues whether it be personal or enterprise level computing and this has been a particular challenge for cloud computing in general, including cloud based hosting.

The Vulnerabilities

Cloud computing services ultimately require networks of physical servers to create the pool of computing resource from which clients can access their computing as a service, which means that all cloud resources always have some form of physical location. In addition, cloud services rely on a point at which the end users can access them, often publicly available on the internet, and, of course, on a public network such as the internet to transfer the data used by the service. These three elements of a typical public cloud service each have their own vulnerabilities in terms of the protection and preservation of data.

Physical Security

In terms of the physical infrastructure used to build a cloud service, many of the security challenges are the same as those faced by any other hosting platform. To keep data secure, providers first need to keep the infrastructure secure and running, and the data centres where cloud servers are housed take great measures to these ends. In terms of access, they ensure that the facilities themselves are secured against unauthorised personnel by using tools such as biometrics, security cameras, guards and limited access to individual server suites. This not only controls the risk of intentional sabotage or physical hacks but also the risk of accidental damage caused by one engineer affecting another organisation’s servers, for example.

Furthermore, servers and network infrastructures are protected against physical damage using advanced fire protection systems and environmental controls such as temperature management. Controlling the temperature inside data centres is one of the primary expenses of a data centre provider due to the vast amount of heat generated by working servers. The aim of the exercise is to ensure that servers can run at their optimal temperatures; if the heat is left unchecked, the damage caused could take servers offline completely. Data centres employ techniques such as chiller units, ventilation and water cooling to keep temperature regulated and servers running smoothly.

Cloud servers and their networks also benefit from the general expertise of data centre providers to keep the hardware maintained and up to date, ensuring that the chances of other hardware failures are reduced. As with alternative hosting solutions which locate servers in data centres, such as colocation, dedicated hosting and VPS (virtual private servers), this expertise may be accessed at a fraction of the cost it would take for businesses to deploy in-house.

However, these physical security measures are only the first step. The second part of this post explores the efforts taken to keep cloud hosting software operating smoothly and prevent data from falling into the wrong hands.

© Stuart Mitchell 2013

To find out more about overcoming the security challenges faced by cloud services you can visit this blog from a cloud industry expert.

Article Source:—Physical-Security&id=7619993

Oct 17, 2012

Cloud Computing and Data Security

By Archita D Majumdar

Cloud computing is changing the way IT is delivered to businesses and how businesses can now leverage the technologies to be very nimble and agile, yet large. Cloud is a technology that maintains data and applications by making use of the internet and central remote servers. Cloud computing enables users to run their necessary applications without actually installing the software or hardware. Consumers can access their necessary files from any remote computer with internet access. This technology is handy as it facilitates efficient computing by centralizing storage, memory, processing and bandwidth.

Cloud computing can be broken down into three components:

  • Application
  • Storage
  • Connectivity

Each segment serves a different purpose and offers different products for businesses and individuals around the world.

Cloud computing has two primary deployment models. They are:

  • Community cloud – In this concept of Cloud, several organizations from a specific community with common concerns share infrastructure between themselves. They could be managed either internally or by a third party and the hosting could be internal or external. The costs are distributed among fewer users.
  • Public cloud – This concept of Cloud is established when several organizations having similar requirements and seeking to share infrastructure are concerned. This definitely is more viable in terms of monetary benefit, as the resources (storage, workstations) utilized and shared in the community are used by a huge number of consumers.

The advantages of Cloud Computing offering in IT services include the following:

  1. Transformation into on demand IT-as-a-service
  2. Greater business agility, on-demand provisioning
  3. Self-provisioning & deployment of applications
  4. Significant savings in total cost of operations through right sizing and operational efficiency
  5. Dynamic capacity on demand to reduce time to market
  6. Strategically align the business on long-term opportunities while optimizing on operations

The transition to Cloud, however, is accompanied by a number of data security issues that need to be looked into. Most organizations use relational databases to store their most sensitive data, so data security becomes all the more important when moving to Cloud. As consumers work on migrating applications to Cloud, they need to be careful about three main attributes involving data security.

  1. User access privileges: Any sensitive data that is processed outside the enterprise carries an inherent risk. Because the services are outsourced, they bypass the physical, logical and personnel controls which IT departments could exercise over in-house programs.
  2. Server Elasticity: One of the key perks of Cloud computing is flexibility. Setting aside the question of whether users know exactly where their data is hosted, the servers hosting that data can be provisioned and de-provisioned regularly to mirror current capacity requirements. This evolving topology can be a challenge for the technologies relied on today, and it could be very hard for management to constantly update configurations to fit every such change.
  3. Regulatory Compliance: Data integrity and data security remain ultimately the responsibility of the organization, even when the data is held by a service provider. Educating auditors and demonstrating that data is safe and secure, even when there is no physical control over systems, is challenging. Organizations need to provide auditors with the necessary visibility into all activity.

Controlling the access of cloud administrators, and monitoring them, is crucial to making sure that sensitive data is secure. Users may want to maintain background checks of their own privileged users and may also enforce significant physical monitoring, but even if this is done by their cloud provider, it is a process which is not their own. That means giving up some element of power or control. Cloud administrators may have almost unlimited access to the infrastructure, something they require in order to maintain and check the performance and availability of the cloud resources for all customers.

Aug 15, 2012

Cloud Computing Security

By Danny Blacharski

One of the greatest game-changing innovations of this decade is cloud computing. The shift away from pure on-premises applications and data storage is already well underway, with consumers, small and midsize businesses, and even large enterprises putting applications and data into the cloud. The ever-present question, however, is whether it is safe to do so. Cloud computing security is by far the biggest concern among those considering the technology. And if you’re an IT manager, it’s good to be paranoid. Losses from cybercrime and attack can be enormous, and the 2008 CSI Computer Crime and Security Survey shows an overall average annual loss of just under $300,000.

It may seem like a leap of faith to put your valuable data and applications in the cloud, and to trust cloud computing security to a third party. Yet faith is not a part of the equation, nor should it be. Every enterprise needs to know that its data and applications are secure, and the question of cloud computing security must be addressed.

In fact, the cloud does have several security advantages. According to NIST, these cloud computing security advantages include:

  • Shifting public data to an external cloud reduces the exposure of the internal sensitive data
  • Cloud homogeneity makes security auditing/testing simpler
  • Clouds enable automated security management
  • Redundancy / Disaster Recovery

All four points are well taken. Cloud providers naturally tend to include rigorous cloud computing security as part of their business models, often more than an individual user would do. In this respect, it’s not just a matter of cloud computing providers deploying better security; the point is, rather, that they deploy the precautions that individual companies should, but often don’t.

A common security model

Most application providers impose some level of security with their applications, although when cloud application providers implement their own proprietary approaches to cloud computing security, concerns arise over international privacy laws, exposure of data to foreign entities, stovepipe approaches to authentication and role-based access, and leaks in multi-tenant architectures. These security concerns have slowed the adoption of cloud computing technology, although it need not pose a problem.

The very nature of a cloud platform is that it imposes an instance of common software elements that can be used by developers to “bolt on” to their applications without having to write them from scratch. This advantage is especially useful in the area of security. The cloud “platform as a service” brings an elegant solution to the security problem by implementing a standard security model to manage user authentication and authorization, role-based access, secure storage, multi-tenancy, and privacy policies. Consequently, any SaaS application that runs on the common platform would immediately benefit from the platform’s standardized and robust security model.

Superior physical security through cloud computing provider

Lack of physical security is the cause of an enormous amount of loss, and insider attacks account for a surprisingly large percentage of loss. And while the specter of black hats hacking into your network from a third world country is very much real, very often, the “black hat” is in reality a trusted employee. It’s the guy from the Accounting department who you have lunch with. It’s the lady who brings you coffee in the morning and always remembers that you like two sugars. It’s the recent college grad with so much potential, who did such a great job on that last report.

Of course, insiders can attack your network and data regardless of where it is located, given enough incentive and information, but physical proximity of the actual hardware and data makes it much easier to gain access, and cloud data centers tend to have better internal physical security protocols, including locked rooms, regulated access, and other protections against physical theft and tampering.

Conclusion: Superior security through the cloud

Besides physical security, technical security is of the utmost importance. Hosting your own servers and applications requires extra measures. A larger organization may need to deploy dedicated IT staff to security only. Cloud computing, on the other hand, builds cloud computing security directly into the cloud platform. While the company still must maintain in-house security in any case, the provider ensures that the applications and data are safe from attack.

We tend to think that retaining control over everything is inherently more secure, when this is not the case. Smaller companies especially may lack the skilled security staff in-house, and even larger firms often just don’t have the resources to dedicate to implementing rigorous security on an ongoing basis. A cloud computing provider on the other hand, which offers a detailed service level agreement and retains skilled security staff in-house, will often provide superior security when compared with the in-house alternative.

For more information about cloud computing, please visit for a free copy of “Cloud Computing Made Easy.” Cloudipedia is a property of Virtual Global, a provider of cloud-enabled enterprise IT solutions and the TeamHost cloud computing platform for building SaaS applications without programming.
