CLOUD MIGRATION

Safety First: Overcoming Cloud Computing Security Threats

Cloud ser­vices have be­come in­valu­able for busi­nesses of all sizes with the ben­e­fits they pre­sent. Decreased in­fra­struc­ture costs, con­tin­u­ous de­liv­ery, ac­cess to wider mar­kets and bet­ter in­ter­ac­tion with mo­bile apps are all ad­van­tages of cloud com­put­ing. So why is it that some com­pa­nies re­main scep­ti­cal about mov­ing to the cloud?

74% of IT ex­ec­u­tives and CIOs cited cloud com­put­ing se­cu­rity as the top chal­lenge pre­vent­ing their adop­tion of the cloud ser­vices model. There’s been this neg­a­tive pub­lic­ity sur­round­ing the cloud fol­low­ing some se­ri­ous data leaks by ma­jor cor­po­rate en­ti­ties. I’m sure you’ve heard about Equifax, one of the largest credit bu­reaus in the US, that had a data breach leak­ing per­sonal in­for­ma­tion of over 14.9 mil­lion con­sumers. This prompted wide­spread crit­i­cism and a gen­eral be­lief that mov­ing to the cloud is un­safe. However for the most part, these se­cu­rity con­cerns are pre­ventable.

Software as a Service is a form of cloud com­put­ing where ap­pli­ca­tions are hosted by the ser­vice provider and made avail­able to clients over the in­ter­net. In SaaS, the client has to de­pend on the provider for proper se­cu­rity mea­sures. The provider must en­sure that mul­ti­ple users do not see each oth­er’s data. SaaS is con­cerned with sub­sti­tut­ing ap­pli­ca­tions, hence providers must en­sure they pre­serve the se­cu­rity func­tion­al­ity pro­vided by the legacy ap­pli­ca­tion in or­der to achieve a suc­cess­ful data mi­gra­tion. For more on mi­grat­ing ap­pli­ca­tions to the cloud.

Data Security

In the SaaS model, the en­ter­prise data is stored out­side the en­ter­prise bound­ary. Because the data is stored at the ven­dor’s end, they must re­main ac­count­able for con­duct­ing ad­di­tional se­cu­rity checks to en­sure data se­cu­rity. In or­der to over­come this vul­ner­a­bil­ity, ven­dors use as­sess­ments to test and val­i­date the se­cu­rity of the data. Some as­sess­ments in­clude, but are not lim­ited to, cross site script­ing, OS and SQL in­jec­tion flaws, cross-site re­quest forgery and cookie ma­nip­u­la­tion. The range of as­sess­ments and tests high­light the im­por­tance of a re­li­able ven­dor when mov­ing to the cloud.

Vendors that of­fer a high level of se­cu­rity will also of­fer two-fac­tor au­then­ti­ca­tion tools (2FA) for user lo­gins, to pro­tect users from data leaks. These 2FAs re­quire a sec­ond ver­i­fi­ca­tion, be­yond a pass­word, for a per­son to lo­gin to an ac­count. An ex­am­ple would be a code sent to your phone, or a thumbprint scan. This type of ver­i­fi­ca­tion can­not be repli­cated by some­one who ob­tains data leaked by the cloud.

Image

Data Integrity

Data in­tegrity in a stand­alone sys­tem is achieved via data­base con­straints. Cloud com­put­ing some­what com­pli­cates this be­cause there is a mix of on-premise and SaaS ap­pli­ca­tions ex­posed as ser­vice. HTTP does not sup­port trans­ac­tions or guar­an­teed de­liv­ery, so the only op­tion is to im­ple­ment these at the API level. Vendors must ap­proach this se­cu­rity threat cau­tiously when mov­ing ap­pli­ca­tions to the cloud.

Data Segregation

Hosting mul­ti­ple clients data is one of the ma­jor traits of cloud com­put­ing; hence mul­ti­ple users can store their data. Intrusion of data of one user by an­other be­comes pos­si­ble since the data is hosted in the same lo­ca­tion. This in­tru­sion can be done ei­ther by hack­ing through the loop holes in the ap­pli­ca­tion or by in­ject­ing client code into the SaaS sys­tem. To en­sure in­tru­sions are not pos­si­ble, the sys­tem must be able to seg­re­gate the data from dif­fer­ent users.

Data Confidentiality

Due to the na­ture of cloud com­put­ing, com­pa­nies deal­ing with con­fi­den­tial in­for­ma­tion will need to dis­close that in­for­ma­tion to the ven­dor. This raises con­fi­den­tial­ity con­cerns. A good ven­dor will of­fer to sign a non-dis­clo­sure agree­ment to ad­dress this is­sue. This en­sures that any breach caused neg­li­gently by them is legally ac­tion­able by your com­pany.

I’m not pur­port­ing to put any­one off cloud com­put­ing, on the con­trary, I’m a big fan of cloud com­put­ing. This ar­ti­cle is sim­ply en­sur­ing you know about the risks as­so­ci­ated with it. Once these risks are ad­dressed, you will en­joy dig­ging up and un­leash­ing your cloud mi­gra­tion. Don’t be that per­son who parks in 2 hour zone for 4 hours and naively be­lieves they’ll be ok. Be cau­tious and you will be amazed with the ben­e­fits of cloud com­put­ing.

ABOUT THE AUTHOR

Matt Francis

Brewer of beers, smoker of meats

Get cu­rated con­tent on soft­ware de­vel­op­ment, straight to your in­box.

Your vi­sion,

our ex­per­tise

Book a con­sul­ta­tion