Security on the Cloud doesn’t change drastically from what we have been doing traditionally in our own datacenters. We still need to address:
- Confidentiality: Confidentiality begins with “need to know”: people doing their jobs are granted access to sensitive resources only when their role requires it. It is usually enforced through the principle of least privilege, under which people receive only the access they need to the sensitive data they work with and nothing more. The security architect uses data classifications, access controls, and cryptography to help ensure the confidentiality of resources.
- Integrity: Integrity comes in two forms: making sure that information is processed correctly and is not modified by unauthorized persons, and protecting information from tampering as it transits a network. Integrity controls include transaction controls, digital signatures, well-formed transactions, and proper system development methods.
- Availability: Availability aims to ensure that systems are up and running so that people can use them when they need them. There are many availability defenses, such as clusters, generators, backups, and hot sites. Threats to availability include natural and human-made disasters and denial-of-service attacks.
All three of these goals interact with one another to help ensure information security. For example, encryption provides confidentiality, but if the keys are lost the encrypted data can no longer be read, which creates an availability problem. The three opposites of these goals are often called DAD: disclosure, alteration, and destruction.
What cloud introduces is the shared responsibility model. Ideally, the information security officer is responsible for monitoring and enforcing the organizational governance that protects all business information assets from intentional and unintentional loss, disclosure, alteration, destruction, and unavailability. As cloud computing becomes more ingrained in an organization’s operations, these responsibilities only expand, and their execution must be shared with one or more cloud service providers.