Excellium services newsletter : Cloud-computing: a guaranteed security modern alternative

Cloud Computing represents the on-demand delivery of IT resources over the internet. It represents a modern alternative to buying, owning and maintaining physical servers or datacentres. The use of cloud computing has changed the landscape of computing as it comes with an increase in reliability, scalability, and a major decrease in costs.

by colinelacatena

Excellium services newsletter : Cloud-computing: a guaranteed security modern alternative

Cloud Computing represents the on-demand delivery of IT resources over the internet. It represents a modern alternative to buying, owning and maintaining physical servers or datacentres. The use of cloud computing has changed the landscape of computing as it comes with an increase in reliability, scalability, and a major decrease in costs.

by colinelacatena

by colinelacatena

Cloud Computing

Cloud Computing represents the on-demand delivery of IT resources over the internet. It represents a modern alternative to buying, owning and maintaining physical servers or datacentres. The use of cloud computing has changed the landscape of computing. Indeed, it comes with an increase in reliability, scalability, and a major decrease in costs.

Some options

When talking about Cloud Computing, we can refer to one of the three options:

  • IaaS – Infrastructure as a service – that contains the basic building blocks for cloud IT.  It provides access to network features, computers (virtual or on dedicated hardware), and data storage capacity. IaaS gives the highest level of flexibility and management control over IT resources. It is the closest option to a classical IT infrastructure that most administrators and developers are used with.
  • PaaS – Platform as a service – this model removes the burden of managing the underlying IT infrastructure. Besides, it allows us to focus on the deployment and management of applications. With this model, there is no need to worry about resources procurement, capacity planning, patching, or other time and resource-consuming activities.
  • SaaS – Software as a service – provides a completely working product that the service provider run and manage entirely. With SaaS, the focus moves from the management of the application towards the management of the business. Actually, there is no need to think about how the application is configured or managed. Instead, the focus shifts completely on how to use the application as best as possible.

We can deploy these options in various ways, each of them has its own characteristics:

  • Private cloud – Operated just for an organization;
  • Community cloud – Shared by several entities that have a common purpose;
  • Public Cloud – Available to the large public and owned by a single organization selling cloud services;
  • Hybrid Cloud – Any combination of private, community or public cloud services.

Although using cloud computing services comes with advantages, such as cost-cutting, easier capacity planning, less workload for IT departments and so on; it can bring a burden in term of data privacy, confidentiality, governance and control over the resources.

Cloud- computing challenges

Moving to a cloud environment or even using a partial cloud solution has its benefits. However, it also introduces new complex issues that few companies are prepared for, such as:

  • Adoption of a new cloud service is very easy and straight forward. However, decommissioning such an application might prove to be a hassle and, as such, more and more companies pile up cloud solution having real trouble in appropriately managing them.
  • With the implementation of a new cloud solution being so easy, virtually anybody in the company can source a new service. The problem is that not all cloud sourcing activities go through the IT department. This ends up creating a sort of “shadow IT”, making organizations “blind” to what actually happens with their data (where it stored, process, to whom it is transmitted and so on).
  • When there are so many cloud service providers on the market, it is only normal that each (or most of them) uses a different solution for securing their cloud services. Juggling with more cloud service providers will prove to be a burden in term of applying a unitary approach towards information security, policy distribution and so on.

Some issues with Cloud Computing

One of the major issues when adopting a cloud service is drawing the line in terms of responsibilities. Usually, the cloud service provider secures the platform or the underlying infrastructure (storage and compute resources shared by everyone). Yet, securing the content or the data is the duty of the cloud customer. As this might sound easy while there is only one cloud service in use, the problem arises when multiple services are needed. If these services are not integrated and interoperable over multiple (complex) environments, then we will need to implement a variety of security tools to appropriately secure these environments.

Eventually, all companies rely to some extent on cloud services. Adopting a cloud solution increases the attack surface of a company. Plus, it complicates the ability to appropriately address security issues such as:

  • Data breaches;
  • Lack of visibility and control;
  • Inappropriate Identity and Access management;
  • Account hijacking;
  • Insecure interfaces and API’s;
  • System vulnerabilities;
  • Data loss;
  • Inappropriate due diligence, and many more.

Approach

We have to address the challenges above in a consistent but delicate manner. We cannot sacrifice performance for security. Organizations should seek to find a balance between using on-demand cloud services and enforcing consistent controls, policies and procedures. This requires finding a security solution compatible with cloud and automation to help organizations advance as fast as possible while keeping also an adequate security level.

Securing the cloud requires a new approach to information security. Legacy security solutions do not function natively on a cloud environment. Therefore, we need to replace them with newer solutions that can effectively work across physical and cloud environment. In the end, organizations need to break up security management from data classification to be able to appropriately classify all resources regardless of the infrastructure they are running on (classic or cloud) as seaming less as possible.

The more the security solution can easily integrate cloud-based services, the more secure the organization will be.

Cloud Computing, a game-changer

There can be no question that cloud computing was, is, and will be a game-changer for many organizations. However, just using a cloud solution does not solve security problems. Organizations still need to take responsibilities for setting and monitoring its own attack surface and have rules for dealing with vulnerabilities. Even more, organizations are ultimately responsible for setting service transparency, visibility and evaluation methods before contracting any cloud supplier.

 

Top