Concerns with cloud computing


Published on

Gartner did an Audience survey at the Gartner US data center conference Dec 2013 showing that the No. 1 Issue Slowing Adoption of Public Cloud Computing was Security. Cloud is a place where 82% of organization will store sensitive data in the next 2 years according to a study from Ponemon Institute. The Ponemon Institute concluded that Cloud security is an oxymoron for many companies. Sixty-two percent of respondents do not agree or are unsure that cloud services are thoroughly vetted before deployment. Sixty-nine percent believe there is a failure to be proactive in assessing information that is too sensitive to be stored in the cloud. 46 percent of IT professionals in this study say their organizations have stopped or slowed the adoption of cloud services because of security concerns, indicating there is still work to be done to continue advancing cloud adoption. Cloud Security Alliance (CSA) showed that reported cloud outages due to “Insecure Interfaces & APIs”accounted for 29% of all threats; and “Data Loss & Leakage” accounted for 25% of all threats reported. 25% of reported cloud outages did not reveal the causes of the outages. The aim of this report is to encourage transparency and accountability from cloud service providers. Consumers have no control over security once data is inside the public cloud. Completely reliant on provider for application and storage security. A private cloud gives a single Cloud Consumers organization the exclusive access to and usage of the infrastructure and computational resources. But Consumer has limited capability to manage security within outsourced IaaS private cloud. Depending upon the type of Cloud Deployment Model additional threats vectors (that would have not come into the equation for a non-cloud deployment) could be induced. An example of such a threat vector in a SAAS deployment would be induced by multi-tenancy when the same application run time is being used to service multiple tenants and their segregated data. Cloud computing may present different risks to an organization than traditional IT solutions. Examples from Cloud Security Alliance highlighting concerns that Virtualization is bringing. This is one of the key elements of Infrastructure as a Service (IaaS) cloud offerings and private clouds, and it is increasingly used in portions of the back-end of Platform as a Service (PaaS) and SaaS (Software as a Service) providers as well. Just to mention a few examples: A few exmples of Hypervisor Architecture Concerns include: VM Encryption - Virtual machine images are vulnerable to theft or modification when they are dormant or running. The solution to this problem is to encrypt virtual machine images at all times, but there are performance concerns at this time. For high security or regulated environments, the performance cost is worth it. Encryption must be combined with administrative controls, DLP, and audit trails to prevent a snapshot of a running VM from “escaping into the wild,” which

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Concerns with cloud computing

  1. 1. Concerns with Cloud ComputingConcerns with Cloud Computing Ulf Mattsson CTO, Protegrity
  2. 2. What Is Your No. 1 Issue Slowing Adoption of Public Cloud Computing? 2
  3. 3. Sensitive Data in the Cloud 3 Of organizations currently (or plan to) transfer sensitive/confidential data to the cloud in the next 24 mo.
  4. 4. Lack of Cloud Confidence 4 Number of survey respondents that either agree or are unsure that the cloud services used by their organization are NOT thoroughly vetted for security.
  5. 5. Stopped or Slowed Adoption 5 Source: The State of Cloud Security Blue: Most recent data
  6. 6. Data Loss & Insecure Interfaces 6 Number of Cloud Vulnerability Incidents by Threat Category
  7. 7. Computing as a Service: • Software as a Service (SaaS) • Platform as a Service (PaaS) • Infrastructure as a Service (IaaS) What is Cloud Computing? Delivered Internally or Externally to the Enterprise: • Public • Private • Community • Hybrid 7
  8. 8. Software as a Service (SaaS) Typically web accessed internet-based applications (“on-demand software”) Platform as a Service (PaaS) An internet-based computing platform and solution stack. Facilitates deployment of Service Orchestration Applications 8 solution stack. Facilitates deployment of applications at much lower cost and complexity Infrastructure as a Service (IaaS) Delivers computer infrastructure (typically a virtualized environment) along with raw storage and networking built-in
  9. 9. Public Cloud 9
  10. 10. Public Cloud 10
  11. 11. Public Cloud – No Control 11 Consumers have no control over security once data is inside the public cloud. Completely reliant on provider for application and storage security.
  12. 12. Private Cloud Outsourced Private Cloud 12 On-site Private Cloud
  13. 13. Private Cloud – Limited Control Outsourced Private Cloud Consumer has limited capability to manage security within outsourced 13 On-site Private Cloud within outsourced IaaS private cloud.
  14. 14. Threat Vector Inheritance 14
  15. 15. Virtual machine guest hardening Hypervisor security Inter-VM attacks and blind spots Performance concerns Operational complexity from VM sprawl Instant-on gaps Virtualization Concerns in Cloud Instant-on gaps Virtual machine encryption Data comingling Virtual machine data destruction Virtual machine image tampering In-motion virtual machines 15