IT administrators commenting on the stink view environmental control as a constant battle. They aver that the more security you build in, the more sophisticated security threats become, and there is no denying this fact. But no one would really like to throw up their hands and compromise with the situation! The instinct for survival is strong in us, and we would battle on against all odds.
As organizations transition to cloud computing frameworks for enterprise applications, they must learn to leverage the many advantages of the cloud and secure the application ecosystem to ensure the success of their security mechanisms. They must begin by identifying and acknowledging the problems that come packaged with cloud computing:
1. There are no hardened security perimeters around the data in the cloud
2. Security configurations are not so easily visible or manageable
3. Some types of cloud configurations enforce resource sharing
4. Software virtualization layers increase the mobility of data and the risk of resource attacks
5. There are no standards for recycling of memory or disk space as yet, and
6. Data privacy and data confidentiality can be compromised if adequate measures are not taken
The battle can be won with strategy. Strategizing security will reduce risks and enable enterprises to operate safely in public, private or hybrid clouds.
Cloud vendors must ensure security:
1. Security perimeters can be created by using the user's firewall and security mechanism information to customize security policies for the initial server, then cloning that information onto the virtual servers that inherit from it.
2. Security configurations can be made visible and manageable by providing software agents installed on the client machines with user control panels.
3. Resource sharing risks can be reduced by enforcing access protocols and layered security protocols.
4. Industry-standard, kernel-level AES encryption can be used for near-foolproof security for sensitive data stores.
5. Consumers can be encouraged to maintain unique encryption keys that are not accessible to the cloud vendor.
6. Granular level controls can be built in to ensure that all machines do not have access to encrypted data.
7. Vendors must define and implement the standards they adopt for recycling of memory and disk space.
8. A full audit trail of key approvals occurring on the management server can be logged to ensure constant monitoring of server activity.
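
Items 6 and 8 above, sketched together as an added example (not code from the original article or from any vendor's product): a management server that approves key requests per machine and logs every decision. The class name, machine and key identifiers, and the hash-chained log format are assumptions made for illustration; key material itself stays with the consumer (item 5) and is out of scope here.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # digest placeholder before the first audit record


def _digest(body):
    """SHA-256 over a canonical JSON encoding of one audit record."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class KeyApprovalServer:
    """Hypothetical management server: per-machine key approval plus audit trail."""

    def __init__(self, policy):
        self.policy = policy  # key_id -> set of machine ids allowed to use it
        self.audit = []       # append-only list of decision records

    def request_key(self, machine, key_id, ts):
        # Granular control: default deny, approve only listed machines.
        allowed = machine in self.policy.get(key_id, set())
        prev = self.audit[-1]["digest"] if self.audit else GENESIS
        body = {"ts": ts, "machine": machine, "key_id": key_id,
                "decision": "approved" if allowed else "denied", "prev": prev}
        # Denials are logged too: repeated denials are a monitoring signal.
        self.audit.append({**body, "digest": _digest(body)})
        return allowed


def verify_trail(audit):
    """Return True if no record was edited, removed or reordered mid-chain.

    The newest digest should also be copied off the server, otherwise someone
    who can rewrite the whole log can rebuild a consistent chain.
    """
    prev = GENESIS
    for rec in audit:
        body = {k: v for k, v in rec.items() if k != "digest"}
        if body.get("prev") != prev:
            return False
        if not hmac.compare_digest(_digest(body), rec.get("digest", "")):
            return False
        prev = rec["digest"]
    return True


def demo():
    """Constructed sample: one approved request, one denied request."""
    srv = KeyApprovalServer({"db-key": {"app-01"}})
    results = [srv.request_key("app-01", "db-key", 1),
               srv.request_key("web-07", "db-key", 2)]
    return results, verify_trail(srv.audit)
```
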