CSO - I'm a CIO or CSO of a corporation that has yearly revenues of $1 billion or more. What are the security concerns that I have before I'm willing to deploy my IT infrastructure into a cloud? Let's flesh out the following security issues: What belongs in the cloud? How should sensitive data be protected? How are encryption upgrades addressed? How do I limit access to sensitive data? And how will critical systems metadata (data describing data) be tracked?
See also: Cloud security: The basics
Let's assume that each corporation has a variety of firewall segments and corresponding network equipment within the cloud-computing vendor's cloud. Each segment will have a variety of applications it supports. Because other companies may be in the same cloud, they may share the same firewall segment and network components, the same database, virtualized operating system, and virtualized storage. (Related: Small clouds: Security selection criteria)
First, let's look at some realistic security constraints about the cloud vendor. It may be difficult to deploy all a corporation's infrastructure within the cloud because of a lack of standardization within the businesses' current IT applications. For example, one of the clients I worked for had a mainframe solution that was integrated with a web service. The web service interfaced with a POS (point of sale) system and communicated with the mainframe using a proprietary port over TCP/IP. The mainframe received and stored sensitive credit information. For this solution, all of the POS solution, web service, and TCP/IP communication could be put in the cloud. But, the mainframe's application, proprietary storage infrastructure, and encryption techniques make it hard to put it into the cloud. The mainframe application could be potentially ported but would likely require a difficult rewrite. It would not be wise to do this without performing a ROI (return on investment) review.
A second concern is access to sensitive data. How is sensitive data stored in the cloud? SAN (storage area network) subsystems stripe data over many drives in the storage array. Do I want to stripe encrypted data over the entire array of disks? My concern is that corruption in a database, file system, or a disk or solid state drive may spread to other applications sharing data (virtualized) within the same subsystem. So I want a method to isolate the encrypted data in the database, file system, or on disk. The bounding of data will limit the effects if corruption occurs.
Thirdly, how is the encryption algorithm for the stored data going to be updated? Encrypted data that is stored within various databases and file systems will need to be upgraded because as processor speeds increase it is easier to hack data. So this data will need to be unencrypted with the older encryption algorithm and re-encrypted with a new algorithm. Because of the newer algorithm, the newly encrypted data may take up a larger footprint in the database or file system. This also needs monitoring.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- Firewall Buyers Guide Operate as the core of your network security infrastructure
- Getting Started With a Zero Trust Approach to Network Security The Traditional Approach to Network Security is Failing. View Now>>
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts