CSO - I'm a CIO or CSO of a corporation that has yearly revenues of $1 billion or more. What are the security concerns that I have before I'm willing to deploy my IT infrastructure into a cloud? Let's flesh out the following security issues: What belongs in the cloud? How should sensitive data be protected? How are encryption upgrades addressed? How do I limit access to sensitive data? And how will critical systems metadata (data describing data) be tracked?
See also: Cloud security: The basics
Let's assume that each corporation has a variety of firewall segments and corresponding network equipment within the cloud-computing vendor's cloud. Each segment will have a variety of applications it supports. Because other companies may be in the same cloud, they may share the same firewall segment and network components, the same database, virtualized operating system, and virtualized storage. (Related: Small clouds: Security selection criteria)
First, let's look at some realistic security constraints about the cloud vendor. It may be difficult to deploy all a corporation's infrastructure within the cloud because of a lack of standardization within the businesses' current IT applications. For example, one of the clients I worked for had a mainframe solution that was integrated with a web service. The web service interfaced with a POS (point of sale) system and communicated with the mainframe using a proprietary port over TCP/IP. The mainframe received and stored sensitive credit information. For this solution, all of the POS solution, web service, and TCP/IP communication could be put in the cloud. But, the mainframe's application, proprietary storage infrastructure, and encryption techniques make it hard to put it into the cloud. The mainframe application could be potentially ported but would likely require a difficult rewrite. It would not be wise to do this without performing a ROI (return on investment) review.
A second concern is access to sensitive data. How is sensitive data stored in the cloud? SAN (storage area network) subsystems stripe data over many drives in the storage array. Do I want to stripe encrypted data over the entire array of disks? My concern is that corruption in a database, file system, or a disk or solid state drive may spread to other applications sharing data (virtualized) within the same subsystem. So I want a method to isolate the encrypted data in the database, file system, or on disk. The bounding of data will limit the effects if corruption occurs.
Thirdly, how is the encryption algorithm for the stored data going to be updated? Encrypted data that is stored within various databases and file systems will need to be upgraded because as processor speeds increase it is easier to hack data. So this data will need to be unencrypted with the older encryption algorithm and re-encrypted with a new algorithm. Because of the newer algorithm, the newly encrypted data may take up a larger footprint in the database or file system. This also needs monitoring.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!