The promising features of cloud platform and cloud computing like agility, flexibility, productivity, and profitability, among others, have driven the organisations to use in their benefits. But one thing to keep in mind is that everything has its pros and cons.
When we think of the other side of using the cloud, the first thing comes to mind is cyber crimes and attacks. A survey on the future of cloud study suggests that 83% of an organisation’s workload will be driven by the cloud by the year 2020. The more the data in the cloud, the more vulnerable it is to get attacked.
For example, earlier this month, Gurugram-based online travel agency, Ixigo faced data breaching where 18 million records, mostly emails and hashed passwords of the users were stolen.
According to the Cloud Standards Customer Council (CSCC), there are various factors that are responsible for cloud security risks which include such as isolation failure, loss of governance ownership, responsibility ambiguity, vendor lock-in, service unavailability, business failure of provider, malicious behaviours of insiders, personal data regulation, etc.
The following steps will provide a perspective series for cloud service customers in order to evaluate and manage the security and privacy of the cloud services.
1| Ensure effective governance, risk and compliance processes exist
An effecting governance can be ensured by establishing chains of responsibility, authority, and communication. It is essential to update security requirements developed for enterprise data centres to produce requirements suitable for the use of cloud services.
2| Audit Operational And Business Processes
It is crucial for the customers to see reports of the cloud service provider’s operations by independent auditors by accessing to the corporate audit trail, including workflow and authorisation when the audit trail spans cloud services as well as getting an assurance of the facilities for management and control of cloud services and how such facilities are secured.
3| Manage People, Roles And Identities
The customers of the cloud platform must be ensured that the cloud service provider (CSP) has processes as well as functionality that governs who has access to the customer’s data and applications. The CSP must have a secure system for provisioning and managing unique identities for their users and services.
4| Ensure Proper Protection Of Data
Cloud provider’s implementation and maintenance of effective security controls become a critical consideration when ensuring the protection of data in cloud services. There are some providers which provide end-to-end encryption and decryption of your files in addition to storage and backup which means that the cloud service providers are taking care of both, encrypting your files as well as storing them safely on the cloud.
5| Enforce Privacy Policies
It is critical that privacy requirements be adequately addressed in the cloud service agreement. If not, the cloud service customer should consider seeking a different provider or not placing sensitive data in the cloud service.
6| Assess The Security Provisions For Cloud Applications
In order to protect an application from various types of breaches, it is important to understand the application security policy considerations based on the different cloud deployment models. Also, the responsibilities differ depending on the deployment model.
7| Ensure Cloud Networks And Connections Are Secured
A CSP must allow legitimate network traffic and block malicious network traffic. The providers should also give users the necessary tools to segment and protect their systems.
8| Evaluate Security Controls On Physical Infrastructure And Facilities
In cloud computing, the security of a system extends to the infrastructure and facilities of the cloud service provider. Effective physical security requires a centralised management system that allows for correlation of inputs from various sources. The user must get assurance from the provider that appropriate security controls are in place.
9| Manage Security Terms In The Cloud Service Agreement
The Cloud Service Agreement (CSA) specifies the services provided and the terms of the contract between the customer and provider. The CSA should explicitly document that providers must notify customers in a timely manner of the occurrence of any breach of their system.
10| Understand The Security Requirements Of The Exit Process
From the security perspective, it is crucial that once the customer has completed the termination process, they should not remain any longer with the CSP. Also, the provider must ensure that any copies of the data are permanently erased from their environment, wherever the copies may have been stored.
Bottom Line
With the growth of data in the cloud, it is very crucial to protect cloud servers and thus cloud server providers (CSP) have launched new and modified cloud security technologies to prevent such attacks. Last year, Google introduced shielded virtual machines which leverage advanced platform security capabilities to protect cloud servers.