Data Center Security Concerns
Cloud computing is perhaps one of the most powerful and promising solutions in the modern computing space. The ability to call external sources, create client workstations for users on the fly, and to scale dramatically given a wide range of possible solutions is extremely exciting, and makes Cloud solutions poised to become the de facto forward-thinking solution.
Unfortunately, Cloud computing has some serious concerns that many likely haven’t addressed as part of their security considerations. Because of the nature of the cloud and how it’s built to mimic common OS interactions in a classical sense, many think that you can treat the Cloud in the same way you would a local network resource. This is untrue, and extremely dangerous.
Today, we’re going to look into cloud computing. We’ll discuss what it is, how it’s typically implemented, and the special security concerns implied in its adoption.
What is the Cloud?
So what specifically is the cloud? In the simplest terms, we can call it a “collection of remote resources tied together to mimic a local resource”. That’s a big, simplistic overview, but it does work in a general sense. When a cloud solution is integrated, each element of a local resource, such as storage, processing, and input/output is moved from the internal network to an external endpoint.
This has a lot of implications for scalability, and that’s largely why it has been considered a great technology. If you asked a classical network to add 100 devices, you’d be hard pressed to do so in an economic, time efficient, useful way. Under cloud networking, it can be as simple as sending a single spin up request for new services, and you’re set to go.
Part of the problem with the cloud, though, is that it’s a new paradigm designed to function like an old one. Cloud systems have been created with average users in mind, and thus most cloud solutions mimic behaviors of local solutions like your laptop or workstation.
While that’s a great thing in terms of UX, it also means a propagation of bad habits and misunderstanding from the traditional ecosystems. These bad habits, formed from years and years of using local resources, carry over into the cloud solutions in a way that not only carry all the negative effects with them, but in fact magnify the results of these effects in a more complex, damaging, and complete way.
Bad Habits Die Hard
Part of these bad habits is a misunderstanding of what specifically a local resource does. Misconstruing data destruction for data erasure and vice versa, failure to configure proper security policies, and more can drastically harm a local network, but these failures are even worse on a forward-facing, quasi-public cloud solution.
Take for instance the nature of users to save revisions of a file. On a local system, this might be acceptable, as the data can be more easily tracked and controlled using revision management. In the cloud, however, multiple revisions might be stored on a device, on the local network, and on the cloud -- and these multiple revisions kept simply from habit form a network of data exposure.
That is really the crux, here -- a huge drawback of this category is the fact that the resources are not local, but they are often treated like local. Consider how much security you expect your email to have versus your basic file management on your operating system. You assume it’s local, thus you have depressed considerations of security. Many people think the same way about the cloud -- and this itself is a huge problem.
Identifying these habits is a great first step to fixing them, but the problems are a lot more complex than simple human behavior.
A huge concern for cloud solutions is the misconfiguration of the underlying systems in play. This security concern drastically magnifies small mistakes in ways that aren’t mirrored on the local system. For instance, requesting a write operation for a new drive partition on the local network is not that big a deal - requesting the change over hundreds of devices and improperly configuring this change can cause a cascade failure effect, reducing overall security and availability.
Another huge security concern is the fact that, when using a cloud-based system, data will inevitably leave the network. On a local system, data is kept internal - everything is processed internally, and thus data is kept secure during the processing stage.
For cloud services, this is not true -- data will inevitably leave the network for the cloud system, resulting in yet another point of potential failure that needs to be checked and monitored for security purposes.
Physical Barrier Elimination
A big benefit of the rather limiting nature of the traditional local network is that in order to use resources on the network, you have to be on the network. This is not so with cloud solutions, where a user can theoretically access resources from almost anywhere on the planet.
This shift means that, as much as security is always a concern, these concerns are amplified due to the ability for users to access these resources using mobile devices, laptops, and other remotely connected devices.
This obviously has serious data implications, but also requires more complex security policies to ensure data is not stored locally in cached forms.
A major issue with Cloud Storage is the vulnerability of sharing a server with another subscriber to the cloud provider. In our post, Cloud vs. Physical Data Storage, you can read about the risks of shared access. Sharing virtual space with another business or individual who may have more lax data management practices could open up the other virtual tenants to potential data breaches. If a hacker were able to access one tenant's data it's likely the other tenants would be vulnerable to attack.
Multitenancy is largely unexplored and rightfully makes IT professionals nervous, here you can read how researchers were able to access other tenant's private information.
Finally, cloud computing is complex. This complexity adds a lot of functionality, but it also adds many points of failure that would otherwise not exist. Even barring these additional points of failure, though, there’s still some issues with increased complexity.
Chief of which is the fact that as a system gets more complex, it becomes harder to check for errors and other issues. A local network has a limited set of functions and elements. A cloud system is much more complex, and has more diverse items connecting to it.
This ultimately means that what might be an easy identification for a local network becomes much harder to identify, and as a sum total system, this means dramatically decreased security if not properly managed.
A great tool that can help mitigate many of these issues is Clarabyte Complete. Designed to be a complete suite, this platform leverages several powerful solutions to identify points of failure and mitigate any potential issues long before they become big ones.
Claracheck is a great solution for many of the issues highlighted here. The system automates the diagnostic process, identifying driver injection, managing data migration, and assuring proper security policies.
As part of Clarabyte Complete, ClaraWipe is also a great tool for data destruction and secure wiping. ClaraWipe supports or adheres to the following standards, making it a gold-standard solution for the industry at large:
- Sarbanes-Oxley Act (SOx)
- HIPAA & HITECH
- The Fair and Accurate Credit Transactions Act of 2003 (FACTA)
- US Department of Defense 5220.22-M
- CSEC ITSG-06
- Payment Card Industry Data Security Standard (PCI DSS)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- EU data protection directive of 1995
- Gramm-Leach-Bliley Act (GLBA)
- California Senate Bill 1386
- and others.
Additionally, Clarabyte Complete offers Clarasell, a feature-rich commerce-oriented application that helps identify added value and potential leads within your own data. While this doesn’t help in terms of security, it’s an added benefit, and certainly one that takes Clarabyte Compete to a whole new level.