The IT industry is smarting under certain deficiencies— urging noted stalwarts to bring forth the blooming concept of cloud computing. This technology has now taken a center-stage— managing and maintaining multiple burdens— synonymous to this industry. Some might argue about Cloud Computing’s efficacy in the smaller industries but lesser the data— greater is the systematic confidentiality. Again, bigger organisations have already advocated the inclusion of Cloud Computing— putting up theories regarding traffic volume, big data and a plenty more.
A closer look at Cloud Computing showcases several hard-hitting benefits. It all begins with the management of Big Data stores— working in harmony with virtual and distributed services. Remote servers are handled with ease as the Internet allows us to store, process and manage data. Cloud computing adopts a cohesive approach— running applications over something called the ‘Cloud Service Provider’. This has now relieved the IT conglomerate from the perils of ‘Local Server Maintenance’.
However, every great invention comes with loopholes and a few responsibilities. Implementing this tool wouldn’t be a great idea unless the security concerns are looked into— beforehand. Better understanding of Cloud Computing theorises the discussion of grey areas and plans towards mitigating each one of them. When an organisation adopts this technology— valuable pieces of information are sent over to the virtual servers— under the supervision of the Hypervisor. This is the vulnerable point and has to be secured— in order to keep the information safe.
Stack Models associated with Cloud Computing
For details to be spilled— one must understand the technicalities associated with Cloud Computing Models. These are synonymous to the services offered— starting from ‘Software as a Service’—‘Platform as a Service’ and finally ‘Infrastructure as Service’. However, some of the service providers make multiple offerings to the user— including ‘Amazon Web Services’ and the highly beneficial— Microsoft Azure. These entities offer both platform and infrastructure oriented services.
SaaS models offer software oriented services. The service provider hosts applications over the web and the user can access the same with predesignated accounts. End-User application for desktops have now been replaced with the SaaS models— on-board.
Examples: Some of the ‘Software as a Service’ precursors include Cisco Webex, Google Apps, Flickr, Concur and several more.
Threats: Common risks include password thefts and login violations.
PaasS models allow users to access hardware and platforms— put up by the providers. Most dwelling developers make use of software components for creating applications— working as the Middleware.
Examples: Associated entities include ‘Amazon Web Services’, Apprenda, GoDaddy and many more.
Threats: PaaS hazards include unwanted access and breached authentication.
IaaS brings in infrastructure— hosted and completely maintained by the service provider. Everything out here is rented— starting from virtual machines to physical structures. One can also avail VPNs, VDCs and even firewalls.
Examples: Live IaaS models include Google Compute Engine, Amazon EC2, Rackspace and a few more.
Threats: Some of the pertinent issues include lack of physical protection and data protection.
Cloud Computing Hazards: Enumerating ten of them
-
It all starts with Data Breach— with information loss being a threat. If the cloud computing models are compromised— Home depots and even Credit Card details are liable to forgery. Most of the reputed firms will then be facing harassments. Data Breach infiltrates the softest spot of this technology— utilizing remote gadgets towards parallel jobs. As Cloud Computing consists of nodal points— it is easy to infiltrate any or all by the attacker. Once the Hypervisor is sabotaged— there is no bringing back the lost information and ofcourse, credibility.
-
Next in line is Data Loss— occurring out of an accident. Some examples include a corrupted disk without a backup— misplacing the data key or any human error. However, any sort of Data Breach might also lead to data loss— giving way to a constant loop.
-
Traffic Hijacking: Most of the vulnerabilities arise out of hacking, phishing and even occasional data stealing. Hackers often resort of session riding— stealing user cookies. This way an invader can easily view the transactions— interfering with records and systems.
-
DoS: The Cloud Computing technology has been long affected by ‘Denial of Service Attacks’. This issue is best understood with virtual machines cutting off services— without prior intimation. Bills will be incurred on a higher rate as the invader might be using the resources. DoS is a threat— almost everywhere but with Cloud Computing depending upon virtual machines— damages are far greater.
-
Careless Insiders and Malicious Threats form a greater part of these intricacies. These include saboteurs and a few unhappy employees. This isn’t completely specific to cloud computing but can cause several potential damages. This is a breach from inside the organisation— compromising the CSP tenants. These issues can be mitigated using third-party audits.
-
Finally we can count in the insecure APIs— for rendering services on a massive scale. Besides platform services these APIs can also offer high-end cloud access. However, attackers can use the APIs for their applications. The customer data is therefore manipulated.
-
Cloud services are often abused in the form of DDos attacks and malware deployment. Most service providers are now well-equipped in handling these attacks and get out of the same.
-
Most organisations fail to understand the entire concept of cloud computing and make mistakes while hiring CSPs. The knowledge gap is imminent but organisations must be wary of the multiple contractual obligations. They must not be diligent. The most important part is to ask the right questions to the concerned CSP. Organisations must make it a point to include the most important clause in the contract—asking CSPs to delete the company data efficiently— once a new service provider is called in for the job.
-
Cloud computing is typically a combination of shared infrastructure— with multiple devices paired up in a virtual sphere. Therefore shared technology might just be the loose end with the entire concept of Cloud Computing as controlling a device or any part of the arrangement will compromise with the APIs, Operating Systems and even user privacy.
-
Service Quality can be an issue as even CSPs are bound to fail at times. The assurance of uninterrupted power, quality services and backups might not hold at every single point of time. An alternative way to criticality must always be there with the organisation.
Mitigating the Risks
-
Organisations need to implement certain protective measures like avoiding account sharing credentials. Two-factor techniques for account authentication is yet another method.
-
Before hiring a CSP— the organisation needs to review the references and security history. They need to check whether the service provider adheres to the set of industrial standards— concerning the job in hand.
-
Companies must make the best use of the SSOs. The Single-Sign-In is a great way of segregating the accounts— with lesser options in store— for the users to fall back upon. It is easier to manage accounts as customers are less likely to forget the passwords and login details.
-
Third-Party audits are extremely vital. Organisations must start working with experts to learn more about the Cloud Computing Technology. This is also a great way of gauging CSP compliance.
-
Another way out is end-to-end encryption— allowing CSPs to manage data even when it is in the static mode. Most providers guarantee transit services but we are always well-off with end-to-end solutions—pertaining to the time period— even prior to uploads. Storage encryption is therefore important as even after the transit— data can be encrypted using the secured key. Data mobility is yet another trait that needs to be included. Regardless of the nature— Data sources have to be secured by the CSPs— in a manner that covers all the loose ends. Secured communication protocols like TLS and SSL are also used— mainly for implementing end-to-end encryption.
-
What works well is an updated machinery. In-House applications need to be included as most CSPs falter if the software in store is obsolete and outdated. Most risks like data breaches, data loss and others can only be mitigated if the software versions are new. Even the browsers need to be updated— in order to keep up with the competition.
Conclusion
Cloud Computing is still a new technology— with several benefits in store for the companies and even individuals. For us to make the most of this technology— armed approach and open eyes are needed. We have now seen those pertinent threats, showing up rather frequently. The best way to deal with them is to be proactive in our approach. As Cloud Computing involves several nodal points including storage, processing, transmission, networking, user access and application security— every arena is prone to attacks and infringements. To avoid these— the hypervisor needs to be beefed up with highly secured techniques. In-House IT strategies have to be implemented with care— including shared services. The only concern should be high security standards— addressing the grey areas associated with Cloud Computing technology. In-House deployments are necessary— only for keeping a track of the data stores and information sources. With Big Data growing up as a huge entity— it will soon be all about Cloud Computing.
from Darlene Milligan http://ift.tt/1R5I6JB via transformational marketing
from Tumblr http://ift.tt/1nvKfQM
No comments:
Post a Comment