The concept of security evolves in step with the changes in IT solutions themselves. Cloud solutions, in addition to offering a wide variety of services (storage, backup, office applications, web hosting, financial management, contacts, POS, etc.),
bring security improvements compared with the traditional option of storing data on the company's own premises, although this does not mean they are free of risk.
With cloud computing solutions, the security of the system depends to a large extent on the providers of those services. To explain these aspects better, we will begin by defining the different actors involved in cloud computing models.
Cloud service provider: the company that owns the IT infrastructure needed to host the programs under the cloud computing model.
Client: the one who contracts the cloud services (individuals, organizations or companies) in order to obtain the benefits it pays for.
User: the person or group of people who use the solutions. They need not be the client. For example, within a company the end users are those who work with the solutions without having paid for them individually; they use them as employees of that organization.
Solutions in the cloud
Security mechanisms depend on collaborative work between service providers and clients. Responsibility rests with both parties, and they are advised to work together to protect against possible threats.
What security measures should cloud solution providers follow?
The main task of cloud service providers is to prevent unauthorized persons from accessing the data. It is very important to keep software up to date with the latest versions in order to deal with the threats present on the Internet. In addition, virtualization and data segmentation are used as mechanisms to strengthen security.
Virtualization is the process by which multiple virtual machines run on a single server, each running its own operating system in isolation. A hypervisor (an application) controls the virtualization platform used in each case and the resources allocated to each operating system.
Data segmentation can likewise be used as a security mechanism. Because the data is distributed across different servers, or even different data centers, extra protection is obtained against hypothetical thefts at the provider's facilities. Segmentation also makes it possible to keep copies of the data in different locations almost simultaneously.
And the clients?
The client is also responsible for keeping the operating system up to date and installing new security patches as they appear. It is also necessary to maintain traditional security policies: control users, delete user accounts that are no longer used, and review software to verify that it has no known vulnerabilities, among others.
The specific mechanisms available include perimeter control, cryptography and log management.
Perimeter control is carried out by installing and configuring a firewall. This is the application responsible for monitoring all communications to and from the computer or network and deciding whether to allow them according to the rules set by the system administrator. For a higher level of security it is also recommended to install and configure an Intrusion Detection System (IDS): an application that allows or blocks connections after analyzing them to detect whether they carry content that is dangerous to the network. It can also categorize the different threats and inform the system administrator according to a list of rules.
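The two-stage decision described above (firewall rules first, then content inspection) can be made concrete with a small model. The following is an added example, not code from the original article or from INCIBE: the rule set, signatures, addresses and payloads are all constructed for illustration. It shows the property that matters most for perimeter control, first-match evaluation with a default deny when no rule matches, and a minimal signature step that tags and blocks an otherwise allowed connection.

```python
"""Constructed example: first-match packet filter with default deny, followed by
a tiny signature-based inspection step in the spirit of the firewall/IDS split.
All rules, signatures and sample traffic are made up for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple
import re


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: str = ""


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # CIDR the source address must fall in, e.g. "10.0.0.0/8"
    dport: Optional[int]     # None matches any destination port
    proto: Optional[str]     # None matches any protocol


# Constructed rule set: SSH only from the corporate range, HTTPS from anywhere.
RULES = [
    Rule("allow", "10.0.0.0/8", 22, "tcp"),
    Rule("allow", "0.0.0.0/0", 443, "tcp"),
    Rule("deny", "0.0.0.0/0", None, None),   # explicit catch-all; same effect as the default
]

# Constructed IDS signatures: (threat category, pattern applied to the payload).
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sql-injection", re.compile(r"(?i)union\s+select")),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when source, port and protocol all agree (None is a wildcard)."""
    return (
        ip_address(pkt.src) in ip_network(rule.src)
        and (rule.dport is None or rule.dport == pkt.dport)
        and (rule.proto is None or rule.proto == pkt.proto)
    )


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; with no match the packet is denied (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def inspect(pkt: Packet) -> List[str]:
    """Return the categories of every signature found in the payload."""
    return [name for name, rx in SIGNATURES if rx.search(pkt.payload)]


def process(rules: List[Rule], pkt: Packet) -> Tuple[str, List[str]]:
    """Firewall decision first; allowed traffic is then inspected, and any
    signature hit turns the verdict into a deny plus the alerts to report."""
    verdict = filter_packet(rules, pkt)
    if verdict != "allow":
        return verdict, []
    alerts = inspect(pkt)
    return ("deny" if alerts else "allow"), alerts


if __name__ == "__main__":
    sample = Packet("203.0.113.5", "10.9.9.9", 443, "tcp", "GET /../../etc/passwd")
    print(process(RULES, sample))
```

The order of the rules is the whole policy: swapping the catch-all deny to the top would block everything, which is why reviewing rule order is part of firewall configuration, not an afterthought.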
Cryptography is another protection mechanism: data is encoded so that it cannot be understood by anyone who does not hold the key. There are different levels of encryption depending on the type of communication: between the network and the application's users, the connections between the cloud administrators themselves, and the protection of stored data. If an unauthorized user intercepts the data or gains access to the cloud file system, they will not be able to interpret the hosted content without the encryption key.
Log management (event log files) is the only way to check system activity, detect incidents and draw up an action plan to prevent recurrence. The client must store and review all the logs under their responsibility: for example, the record of users accessing an application, changes to the data and files of the virtual machine, or the record of potentially dangerous connections detected by the IDS and the firewall. It is also recommended to back up these logs and even store them on a different machine, because if an attacker takes control of the cloud system they could destroy the log files and with them all trace of their activity.
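The two halves of the log-management advice above, reviewing the logs and keeping a copy where an intruder cannot quietly erase it, can both be shown in code. The following is an added example, not code from the article or from INCIBE; the log lines are constructed, the brute-force threshold is an assumption, and the hash chain is a simple construction of my own, not any particular product's format. It counts failed logins per source, extracts IDS alerts, and computes a per-line hash chain whose digests, kept on a separate machine, reveal exactly where the on-host log was altered or truncated.

```python
"""Constructed example: review of a small event log (failed logins, IDS alerts)
plus a SHA-256 hash chain so that a copy of the digests kept on another machine
can reveal deletion or modification of the on-host log. Sample lines are made up."""
import hashlib
import re
from collections import Counter
from typing import List, Optional, Tuple

# Constructed sample log (not real output from any system).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 50110
2024-05-01T10:00:03Z sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 50112
2024-05-01T10:00:05Z sshd[1201]: Failed password for root from 198.51.100.7 port 50114
2024-05-01T10:00:09Z sshd[1201]: Accepted publickey for deploy from 10.0.4.15 port 41022
2024-05-01T10:01:00Z ids: ALERT category=path-traversal src=198.51.100.7 dst=10.0.4.20 dport=443
2024-05-01T10:02:10Z sshd[1201]: Failed password for root from 198.51.100.7 port 50120
"""

FAILED_RX = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")
IDS_RX = re.compile(r"ids: ALERT category=(\S+) src=(\S+)")


def failed_logins_by_source(log_text: str) -> Counter:
    """Count failed password attempts per source IP."""
    return Counter(
        m.group(2) for line in log_text.splitlines() if (m := FAILED_RX.search(line))
    )


def brute_force_sources(log_text: str, threshold: int = 3) -> List[str]:
    """Source IPs with at least `threshold` failed logins (threshold is an assumption)."""
    counts = failed_logins_by_source(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def ids_alerts(log_text: str) -> List[Tuple[str, str]]:
    """(category, source) for every IDS alert line."""
    return [
        (m.group(1), m.group(2)) for line in log_text.splitlines() if (m := IDS_RX.search(line))
    ]


def chain_digests(lines: List[str]) -> List[str]:
    """Hash chain: digest[i] = SHA-256(digest[i-1] || line[i]), so deleting or
    altering any line changes its digest and every digest after it."""
    prev = b"\x00" * 32
    out = []
    for line in lines:
        prev = hashlib.sha256(prev + line.encode("utf-8")).digest()
        out.append(prev.hex())
    return out


def verify_chain(lines: List[str], expected: List[str]) -> Optional[int]:
    """Recompute the chain over the current log and compare with digests stored
    elsewhere. Returns the index of the first mismatch (or of the truncation
    point), or None when the log is intact."""
    recomputed = chain_digests(lines)
    for i, (got, exp) in enumerate(zip(recomputed, expected)):
        if got != exp:
            return i
    if len(recomputed) != len(expected):
        return min(len(recomputed), len(expected))
    return None


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("brute force sources:", brute_force_sources(SAMPLE_LOG))
    print("IDS alerts:", ids_alerts(SAMPLE_LOG))
    digests = chain_digests(lines)
    print("intact:", verify_chain(lines, digests))
    print("one line removed:", verify_chain(lines[:2] + lines[3:], digests))
```

The chain only helps if the digests leave the host as they are produced; an attacker who controls the machine can recompute them locally. Shipping the digests (or the lines themselves) to a separate log collector is what gives the comparison in `verify_chain` its value.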
Source: INCIBE – National Institute of Security
Want to know more? In this INCIBE guide you will find much more information, as well as the steps they recommend to “take the leap to the cloud”.
At Tecon Soluciones Informáticas we are approved by Red.es as a Cloud Solution Provider nationwide. Do you want to know more about our security solutions [SEE page] or about the Microsoft cloud, Azure? [READ ARTICLE: What is Microsoft Azure? How does it work?]