Published on the 15/10/2015 | Written by Pravin Kumar C
Enterprises start enjoying their cost savings within months of their cloud adoption – but have they given sufficient thought to security, ponders Pravin Kumar C…
Features like guaranteed uptime, automated backups, and the ability to scale with ease have made cloud storage an attractive proposition. Enterprises are tempted to leverage cloud in all possible models like SaaS, PaaS, and IaaS. However, security concerns can hold back many CIOs from jumping on the cloud storage bandwagon. The security concerns that enterprises need to seriously consider before adopting cloud storage include:
Auditing across all application tiers – Enterprises look forward to having complete control over their data and configuration changes. Enterprises need answers concerning the “who,” “what,” and “when” associated with their data and configuration changes. Failed logons and traces of sensitive information in log files should also be auditable from the enterprise’s standpoint.
How secure is the cloud provider’s API? – Cloud providers supply APIs to end users for managing their data in the cloud. APIs that accept input from users should be thoroughly tested for cross-site scripting and SQL injection. Allowing clear-text passwords or improper authorisation could pose a serious threat to the underlying data. Individual API calls involving application transactions are a potential target for hackers. Hence, any API calls involving application transactions need to be logged and monitored. Enterprises have to ensure that a cloud provider’s API is safe before moving data to the cloud.
Malicious insiders – Enterprises mitigate the threat of malicious insiders by following due diligence during recruitment. When adopting cloud storage, enterprises do not have any control over the provider’s employees. Moreover, enterprises lack visibility into cloud providers’ hiring procedures and policies. This raises concerns for enterprises when it comes to potential insider data breaches.
Geographic challenges – Cloud providers replicate data to multiple data centres across the globe. While enterprises can breathe a sigh of relief that they have mitigated the risk of natural disasters, the data is now exposed to search and seizure by local government authorities.
Account hijacking – As many enterprises move towards the cloud, it becomes a sweet spot for hackers. Attacks on Dropbox, Snapchat and others raise suspicions about the reliability of cloud services. To mitigate such risks, cloud providers should adopt stronger password policies and multi-factor authentication.
Who owns the data? – Most cloud providers have a contractual clause noting sole ownership of the data. This helps cloud providers avoid legal hassles when things go wrong. It also gives cloud providers a huge advantage, as they can now mine the data and unlock various opportunities. But that clause can be a serious threat for enterprises, because the provider is entitled to use the data any way it sees fit and can even sell the data to any third party.
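The auditing and API items above ask for a record of who changed what and when, for failed logons, and for sensitive data leaking into log files. As an added example (not part of the original article), this Python code runs those three checks over a constructed audit log; the log format, field names, secret key names and the failed-logon threshold are all assumptions.

```python
import re
from collections import Counter

# Constructed sample audit log (hypothetical format: when, who, what, outcome, detail).
SAMPLE_LOG = """\
2015-10-12T09:01:14Z user=alice action=config.update outcome=success detail="bucket=finance versioning=on"
2015-10-12T09:03:40Z user=bob action=logon outcome=failure detail="src=203.0.113.7"
2015-10-12T09:03:52Z user=bob action=logon outcome=failure detail="src=203.0.113.7"
2015-10-12T09:04:05Z user=bob action=logon outcome=failure detail="src=203.0.113.7"
2015-10-12T09:10:27Z user=carol action=api.call outcome=success detail="POST /v1/objects password=Winter2015!"
2015-10-12T09:12:00Z user=alice action=data.delete outcome=success detail="object=q3-report.xlsx"
"""

LINE_RE = re.compile(
    r'^(?P<when>\S+) user=(?P<who>\S+) action=(?P<what>\S+) '
    r'outcome=(?P<outcome>\S+) detail="(?P<detail>.*)"$'
)
# Key names assumed for this example; extend to match what your applications log.
SECRET_RE = re.compile(r'\b(password|passwd|secret|api_key|token)=\S+', re.I)

def parse(log_text):
    """Return (events, rejected line numbers); malformed lines are reported, not dropped."""
    events, rejected = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
        else:
            rejected.append(n)
    return events, rejected

def audit(log_text, max_failed_logons=3):
    """Answer who/what/when for changes, flag repeated failed logons and secrets in logs."""
    events, rejected = parse(log_text)
    failed = Counter(e["who"] for e in events
                     if e["what"] == "logon" and e["outcome"] == "failure")
    return {
        "changes": [(e["when"], e["who"], e["what"]) for e in events
                    if e["what"].startswith(("config.", "data."))],
        "failed_logon_alerts": sorted(u for u, c in failed.items() if c >= max_failed_logons),
        # Report only the key name so the audit output does not repeat the leaked value.
        "secrets_in_logs": [(e["when"], e["who"], SECRET_RE.search(e["detail"]).group(1))
                            for e in events if SECRET_RE.search(e["detail"])],
        "unparsed_lines": rejected,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(key, value)
```
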
For enterprises looking to scale, cloud storage seems to be the most plausible solution. However, the security challenges threaten to turn the cloud dark. As a consequence, enterprises need to exercise due diligence to find the cloud’s silver lining.
ABOUT PRAVIN KUMAR C
Pravin Kumar C is product manager for ManageEngine.