Sunday, April 14, 2013

Security Challenges Faced by Cloud Hosting - Building in Security

Security Challenges Faced by Cloud Hosting - Building in Security

By Stuart P Mitchell

As mentioned in part one of this article there are multiple stages at which information stored through cloud hosting platforms must be protected against data loss and unauthorised access. The first step is to secure the physical elements of a cloud hosting platform as described, however, the additional steps involve architectural and software based security measures to protect not only the platforms on which the data is stored, but also the data in transit and the subsequent points of access that allow valid users to interact with the data.

[caption id="attachment_1057" align="aligncenter" width="450"]Security Challenges Faced by Cloud Hosting - Building in Security Security Challenges Faced by Cloud Hosting - Building in Security[/caption]

Public Cloud Models

Cloud offerings, including cloud hosting, can be broadly categorised, in terms of the way they are deployed (regardless of whether they are Infrastructure, Platform or Software as a Service), as either being Public Cloud, Private Cloud or Hybrid Cloud (a combination of the two). Much of the distinction between public and private clouds revolves around levels of security and privacy rather than technical specifications. As the name suggests, public clouds use points of access which are accessible on public networks (e.g., the internet), public networks to transfer information and shared clustered cloud servers to store information. Essentially anyone can 'knock on the door' of the cloud service, attempt to intercept its information in transit and potentially share its server resources. The services, should of course be protected by end point authentication, data encryption and anti-virus/firewall measures on the server platform to keep data secure but they are exposed to 'attack' at almost every point in their architecture. It is therefore important that consumers of such services are aware of what risks each service carries and what the provider puts in place to safeguard their customers' data.

Private Cloud

For organisations dealing with highly sensitive data, however, they may demand more restrictions on who can attempt to access the cloud service, the networks it utilises and the sharing of cloud servers. In particular, some organisations will be governed by regulation which demands that they retain control of data for which they are ultimately responsible.

Private clouds may employ differing architectures, but they are defined by providing the aforementioned security measures. Servers can be located on an organisation's own premises or within a data centre facility but they will be ringfenced for the use of that sole client; whether it be with physical hardware separation or virtualised separation between server clusters, an organisation's cloud platform will be behind their own firewall. What's more, to protect data in transit, and to prevent untrusted users from accessing the cloud, private clouds can again use either physical or virtualised separation from public shared networks. For example, an organisation can utilise local area network (LAN) connections to access a cloud which hosted on internal on-site servers or a physically distinct leased line when connecting to servers in a remote location. Alternatively, technologies such as MPLS (Multi-Label Switching Protocol) can be used to provide organisations with trusted network connections, controlled by individual providers, across public network infrastructure. The latter can provide more flexibility and allow the organisation to benefit to a greater extent from the scalability that cloud hosting providers can provide.

Hybrid Cloud

A hybrid cloud combines elements of public and private clouds and so can provide the security that organizations require for their sensitive and private data whilst allowing them to access cost efficient scalability in the public cloud for their non-sensitive operations. For example, an organization may store all of their protected client data in systems and databases hosted on site in a private cloud as required by regulation but pull computing resource from a public cloud for their brochureware website's hosting platform.

Data Centre Expertise

The previous part of this article mentioned the benefits of a data center location in terms of the physical maintenance of servers preventing data loss. Similarly it is worth noting that both public clouds and private clouds which utilise a third party data center location for their server hosting (whilst introducing vulnerabilities in data transfer) can benefit from on-site expertise in the maintenance of software and anti-virus measures, including for example patching, to optimise both the preservation and security of data.

© Stuart Mitchell 2013

To find out more about overcoming the security challenges faced by cloud hosting you can visit this cloud hosting blog.

Article Source: