Security Challenges Faced by Cloud Hosting – Handling Data

Apr 15 2013

By Stuart P Mitchell

The final part of this article looks at how and where data is stored or handled and the issues that arise in cloud computing through the process of creating multiple instances of data across multiple server platforms. Cloud computing relies on this mechanism for many of its key benefits but, by doing so, invites further challenges for data security.

Data Protection

Data collection and storage are usually bound by legislation or regulation which varies depending on the jurisdiction under which a service falls. Most prominent regulations, however (e.g., those in the US and Europe), share certain principles in common that demand, for example, that data is collected with the subject’s permission, with their full understanding of what the data will be used for, only if the data is relevant to the stated purpose, only for that stated purpose, with transparency and with accountability. For the subject of the data this should mean that they consent to the service provider collecting data relating to them, they know what data that is, who has access to it and why, as well as how to access it themselves if they want to.

It is therefore paramount for IT service providers, who have stewardship of any data, that they are able to identify where data is stored within those services that they provide, how to access it and whether it is secure. However, the abstraction of cloud services in particular can cause challenges for those who utilise them to store or process data because they cannot necessarily guarantee where this data is at any given time. The physical location and guardianship can be obscured, with data hosting sometimes crossing different sites, geographical boundaries and even jurisdictions.

In such cases where private information is involved, the answer often lies with private clouds employing on-site hosting, as mentioned in earlier parts of this article, but there is often a trade-off with some of the other benefits of cloud, which are discussed below.

Multiple Data Instances

Two of cloud computing’s biggest selling points are redundancy and scalability. These are often achieved by utilising multiple servers to provide the underlying computing resource, so the data within a cloud service is ultimately stored across these numerous servers. Moreover, cloud structures will also create multiple instances of data across these servers to provide a further layer of redundancy protection. However, the more servers that data is shared across, the greater the risk that this data may be susceptible to security vulnerabilities on one of those servers (e.g., malware, hacks); whilst the more instances there are of a piece of data, the greater the risk (by definition) that that data may be accessed and used by unauthorised users. Essentially, data in one place needs to be protected once; data stored in 100 places will need to be protected 100 times.

What’s more, as each server and platform is likely to be shared, particularly in the public cloud model, each data instance may be subject to another security threat introduced, inadvertently or otherwise, by the 3rd party users who share the resources. In a private cloud, however, this threat is reduced as the cloud resource exists behind the one organisation’s firewall and fewer instances of the data are created in the first place (fewer servers to pool). Consequently there is always a degree of trade-off between introducing security risk and the level of redundancy and scalability built into a system (although of course redundancy can prevent data loss in itself). Private clouds may be more secure but, with a smaller pool of resource, they cannot match the levels of redundancy and scalability offered by the vast capacities of public clouds.

© Stuart Mitchell 2013

Security Challenges Faced by Cloud Hosting – Building in Security

Apr 15 2013

By Stuart P Mitchell

As mentioned in part one of this article, there are multiple stages at which information stored through cloud hosting platforms must be protected against data loss and unauthorised access. The first step is to secure the physical elements of a cloud hosting platform as described. The additional steps, however, involve architectural and software-based security measures to protect not only the platforms on which the data is stored, but also the data in transit and the subsequent points of access that allow valid users to interact with the data.

Public Cloud Models

Cloud offerings, including cloud hosting, can be broadly categorised, in terms of the way they are deployed (regardless of whether they are Infrastructure, Platform or Software as a Service), as either being Public Cloud, Private Cloud or Hybrid Cloud (a combination of the two). Much of the distinction between public and private clouds revolves around levels of security and privacy rather than technical specifications. As the name suggests, public clouds use points of access which are accessible on public networks (e.g., the internet), public networks to transfer information and shared clustered cloud servers to store information. Essentially anyone can ‘knock on the door’ of the cloud service, attempt to intercept its information in transit and potentially share its server resources. The services should, of course, be protected by end point authentication, data encryption and anti-virus/firewall measures on the server platform to keep data secure, but they are exposed to ‘attack’ at almost every point in their architecture. It is therefore important that consumers of such services are aware of what risks each service carries and what the provider puts in place to safeguard their customers’ data.

Private Cloud

Organisations dealing with highly sensitive data, however, may demand more restrictions on who can attempt to access the cloud service, the networks it utilises and the sharing of cloud servers. In particular, some organisations will be governed by regulation which demands that they retain control of data for which they are ultimately responsible.

Private clouds may employ differing architectures, but they are defined by providing the aforementioned security measures. Servers can be located on an organisation’s own premises or within a data centre facility but they will be ringfenced for the use of that sole client; whether it be with physical hardware separation or virtualised separation between server clusters, an organisation’s cloud platform will be behind their own firewall. What’s more, to protect data in transit, and to prevent untrusted users from accessing the cloud, private clouds can again use either physical or virtualised separation from public shared networks. For example, an organisation can utilise local area network (LAN) connections to access a cloud which is hosted on internal on-site servers or a physically distinct leased line when connecting to servers in a remote location. Alternatively, technologies such as MPLS (Multiprotocol Label Switching) can be used to provide organisations with trusted network connections, controlled by individual providers, across public network infrastructure. The latter can provide more flexibility and allow the organisation to benefit to a greater extent from the scalability that cloud hosting providers can provide.

Hybrid Cloud

A hybrid cloud combines elements of public and private clouds and so can provide the security that organizations require for their sensitive and private data whilst allowing them to access cost efficient scalability in the public cloud for their non-sensitive operations. For example, an organization may store all of their protected client data in systems and databases hosted on site in a private cloud as required by regulation but pull computing resource from a public cloud for their brochureware website’s hosting platform.

Data Centre Expertise

The previous part of this article mentioned the benefits of a data center location in terms of the physical maintenance of servers preventing data loss. Similarly it is worth noting that both public clouds and private clouds which utilise a third party data center location for their server hosting (whilst introducing vulnerabilities in data transfer) can benefit from on-site expertise in the maintenance of software and anti-virus measures, including for example patching, to optimise both the preservation and security of data.

© Stuart Mitchell 2013

Sep 08 2011

Cloud Computing Security

By Danny Blacharski

One of the greatest game-changing innovations of this decade is cloud computing. The shift away from pure on-premises applications and data storage is already well underway, with consumers, small and midsize businesses, and even large enterprises putting applications and data into the cloud. The ever-present question, however, is whether it is safe to do so. Cloud computing security is by far the biggest concern among those considering the technology. And if you’re an IT manager, it’s good to be paranoid. Losses from cybercrime and attack can be enormous, and the 2008 CSI Computer Crime and Security Survey shows an overall average annual loss of just under $300,000.

 It may seem like a leap of faith to put your valuable data and applications in the cloud, and to trust cloud computing security to a third party. Yet faith is not a part of the equation, nor should it be. Every enterprise needs to know that its data and applications are secure, and the question of cloud computing security must be addressed.

In fact, the cloud does have several security advantages. According to NIST, these cloud computing security advantages include:

o Shifting public data to an external cloud reduces the exposure of the internal sensitive data

o Cloud homogeneity makes security auditing/testing simpler

o Clouds enable automated security management

o Redundancy / Disaster Recovery

All four points are well taken. Cloud providers naturally tend to include rigorous cloud computing security as part of their business models, often more than an individual user would do. In this respect, it’s not just a matter of cloud computing providers deploying better security; the point is, rather, that they deploy the precautions that individual companies should, but often don’t.

A common security model

Most application providers impose some level of security with their applications, although when cloud application providers implement their own proprietary approaches to cloud computing security, concerns arise over international privacy laws, exposure of data to foreign entities, stovepipe approaches to authentication and role-based access, and leaks in multi-tenant architectures. These security concerns have slowed the adoption of cloud computing technology, although it need not pose a problem.

The very nature of a cloud platform is that it imposes an instance of common software elements that can be used by developers to “bolt on” to their applications without having to write them from scratch. This advantage is especially useful in the area of security. The cloud “platform as a service” brings an elegant solution to the security problem by implementing a standard security model to manage user authentication and authorization, role-based access, secure storage, multi-tenancy, and privacy policies. Consequently, any SaaS application that runs on the common platform would immediately benefit from the platform’s standardized and robust security model.

Superior physical security through cloud computing provider

Lack of physical security is the cause of an enormous amount of loss, and insider attacks account for a surprisingly large percentage of loss. And while the specter of black hats hacking into your network from a third world country is very much real, very often, the “black hat” is in reality a trusted employee. It’s the guy from the Accounting department who you have lunch with. It’s the lady who brings you coffee in the morning and always remembers that you like two sugars. It’s the recent college grad with so much potential, who did such a great job on that last report.

Of course, insiders can attack your network and data regardless of where it is located, given enough incentive and information, but physical proximity of the actual hardware and data makes it much easier to gain access, and cloud data centers tend to have better internal physical security protocols, including locked rooms, regulated access, and other protections against physical theft and tampering.

Conclusion: Superior security through the cloud

Besides physical security, technical security is of the utmost importance. Hosting your own servers and applications requires extra measures. A larger organization may need to deploy dedicated IT staff to security only. Cloud computing, on the other hand, builds cloud computing security directly into the cloud platform. While the company still must maintain in-house security in any case, the provider ensures that the applications and data are safe from attack.

We tend to think that retaining control over everything is inherently more secure, when this is not the case. Smaller companies especially may lack the skilled security staff in-house, and even larger firms often just don’t have the resources to dedicate to implementing rigorous security on an ongoing basis. A cloud computing provider, on the other hand, which offers a detailed service level agreement and retains skilled security staff in-house, will often provide superior security when compared with the in-house alternative.
