Information Security in the Government Workshop
Cloud and e-Service Security
Disaster, Data Loss and the Cloud
Dr. Richard H.L. Marshall, Esq.
Disaster, Data Loss and the Cloud
• Many companies and USG agencies consider their data to be their most valuable asset.
• However, they have been challenged trying to keep their “crown jewels” safe, especially from the increasing number of natural disasters as well as a host of man-made problems.
• The cloud offers a way to better protect their data. The growing acceptance of using the cloud to safely store data will continue to increase as costs come down and ease of accessibility increases.
• Storage and backup solutions are the most popular cloud applications.
• The cloud provides many benefits over traditional methods of storing and backing up data, such as using USB flash drives or CDs/DVDs.
• Cloud backup is automatic and restoration is simplified.
Reassessing Cloud Security
• The cloud provides numerous mechanisms for safeguarding data.
• Traditionally, a program runs on a dedicated physical machine, and any system outage or physical issue would impact the program directly and result in data loss.
• With the cloud, the program runs on a virtual machine. The physical layer is separated from the software layer.
• This pools all the physical resources, allocating them when they are needed, and eliminates the single point of failure in the traditional approach.
• The cloud operating system supports data storage by distribution mode or mirror mode, meaning that the data will be duplicated and stored on different physical disks in the pool.
• Cloud advocates assert that this guarantees data safety and allows for easy data recovery.
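To make the mirror-mode claim concrete, here is an added simulation (not code from the workshop or any cloud product) of a pool that writes each object to two distinct physical disks; the disk names, the `StoragePool` class and the `payroll.db` object are all constructed. It also shows the caveat the slide glosses over: mirroring tolerates only replicas-1 concurrent disk failures unless the lost copy is rebuilt before the next failure.

```python
from itertools import cycle


class StoragePool:
    """Constructed model of mirror-mode storage: each object is written to
    `replicas` distinct healthy disks, so one disk is not a single point of failure."""

    def __init__(self, disk_ids, replicas=2):
        if replicas > len(disk_ids):
            raise ValueError("replicas cannot exceed the number of disks")
        self.disks = {d: {} for d in disk_ids}   # disk id -> {key: data}
        self.replicas = replicas
        self.failed = set()
        self._cursor = cycle(disk_ids)            # round-robin placement

    def put(self, key, data):
        """Mirror `data` onto `replicas` distinct healthy disks; return the targets."""
        targets = []
        while len(targets) < self.replicas:
            d = next(self._cursor)
            if d not in targets and d not in self.failed:
                targets.append(d)
        for d in targets:
            self.disks[d][key] = data
        return targets

    def fail_disk(self, disk_id):
        """Simulate a physical failure: the disk's contents become unreadable."""
        self.failed.add(disk_id)

    def get(self, key):
        """Read from any healthy replica; None means the data is lost."""
        for d, contents in self.disks.items():
            if d not in self.failed and key in contents:
                return contents[key]
        return None

    def rebuild(self, key):
        """Recovery: re-mirror a surviving copy until the replica count is restored."""
        data = self.get(key)
        if data is None:
            return False                          # nothing left to rebuild from
        healthy = [d for d in self.disks if d not in self.failed]
        holders = [d for d in healthy if key in self.disks[d]]
        for d in healthy:
            if len(holders) >= self.replicas:
                break
            if d not in holders:
                self.disks[d][key] = data
                holders.append(d)
        return len(holders) >= self.replicas


def demo(rebuild_between_failures):
    """Two disk failures in a 3-disk pool with 2 replicas; returns the readable data or None."""
    pool = StoragePool(["disk-A", "disk-B", "disk-C"], replicas=2)
    pool.put("payroll.db", b"crown jewels")       # lands on disk-A and disk-B
    pool.fail_disk("disk-A")                      # first failure: copy on disk-B survives
    if rebuild_between_failures:
        pool.rebuild("payroll.db")                # re-mirror onto disk-C
    pool.fail_disk("disk-B")                      # second failure
    return pool.get("payroll.db")
```

Run `demo(True)` and `demo(False)` side by side: the data survives the second failure only when the lost replica was rebuilt first, which is why replica count and rebuild time, not mirroring alone, determine how "guaranteed" the safety is.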
Reassessing Cloud Security
• Organizations such as the USG opt to implement a multipronged approach to data protection.
• The cloud can provide automatic data encryption, auditing of operation logs, more stringent ways to authenticate users, and other security mechanisms.
• Security concerns include authentication, authorization, accounting (AAA) services; encryption; storage; security breaches; regulatory compliance; location of data and users; and other risks associated with isolating sensitive corporate data.
• Add to this array of concerns the potential loss of control over your data, and the cloud model starts to get a little scary.
• No matter where your applications live in the cloud or how they are being served, one theme is consistent: you are hosting and delivering your critical data at a third-party location, not within your four walls, and keeping that data safe is a top priority.
Reassessing Cloud Security
• The problem is that you really do not know where in the cloud the data is at any given moment.
• IT departments are already anxious about the confidentiality and integrity of sensitive data.
• Hosting this data in the cloud highlights not only concerns about protecting critical data in a third-party location but also role-based access control to that data for normal business functions.
• The cloud does not lend itself to static security controls.
• Like all other elements within cloud architecture, security must be integrated into a centralized, dynamic control plane.
• In the cloud, security solutions must have the capability to intercept all data traffic, interpret its context, and then make appropriate decisions about that traffic, including instructing other cloud elements how to handle it.
Reassessing Cloud Security
• One of the biggest areas of concern for cloud vendors and customers alike is strong authentication, authorization, and automatic encryption of data to and from the cloud.
• Users and administrators alike need to be authenticated—with strong or two-factor authentication—to ensure that only authorized personnel are able to access data.
• And the data itself needs to be segmented to ensure there is no leakage to other users or systems.
• AAA services, along with secure, encrypted tunnels to manage your cloud infrastructure, should be at the top of the basic cloud services offered by vendors.
• Since data can be housed at a distant location where you have less physical control, logical control becomes paramount, and enforcing strict access to raw data and protecting data in transit (such as when uploading new data) becomes critical to the business.