Showing posts with label Security. Show all posts

Thursday, April 18, 2013

Security Challenges Faced by Cloud Hosting - Building in Security

As mentioned in part one of this article, there are multiple stages at which information stored through cloud hosting platforms must be protected against data loss and unauthorised access. The first step is to secure the physical elements of a cloud hosting platform, as described; the additional steps, however, involve architectural and software-based security measures to protect not only the platforms on which the data is stored, but also the data in transit and the subsequent points of access that allow valid users to interact with the data.

Public Cloud Models
Cloud offerings, including cloud hosting, can be broadly categorised by the way they are deployed (regardless of whether they are Infrastructure, Platform or Software as a Service) as Public Cloud, Private Cloud or Hybrid Cloud (a combination of the two). Much of the distinction between public and private clouds revolves around levels of security and privacy rather than technical specifications. As the name suggests, public clouds use points of access which are reachable on public networks (e.g., the internet), public networks to transfer information, and shared clustered cloud servers to store information. Essentially anyone can 'knock on the door' of the cloud service, attempt to intercept its information in transit and potentially share its server resources. The services should, of course, be protected by end point authentication, data encryption and anti-virus/firewall measures on the server platform to keep data secure, but they are exposed to 'attack' at almost every point in their architecture. It is therefore important that consumers of such services are aware of what risks each service carries and what the provider puts in place to safeguard their customers' data.

Private Cloud
Organisations dealing with highly sensitive data, however, may demand more restrictions on who can attempt to access the cloud service, the networks it utilises and the sharing of cloud servers. In particular, some organisations will be governed by regulation which demands that they retain control of data for which they are ultimately responsible.

Private clouds may employ differing architectures, but they are defined by providing the aforementioned security measures. Servers can be located on an organisation's own premises or within a data centre facility, but they will be ring-fenced for the use of that sole client; whether through physical hardware separation or virtualised separation between server clusters, an organisation's cloud platform will be behind its own firewall. What's more, to protect data in transit, and to prevent untrusted users from accessing the cloud, private clouds can again use either physical or virtualised separation from public shared networks. For example, an organisation can utilise local area network (LAN) connections to access a cloud which is hosted on internal on-site servers, or a physically distinct leased line when connecting to servers in a remote location. Alternatively, technologies such as MPLS (Multiprotocol Label Switching) can be used to provide organisations with trusted network connections, controlled by individual providers, across public network infrastructure. The latter can provide more flexibility and allow the organisation to benefit to a greater extent from the scalability that cloud hosting providers can provide.

Hybrid Cloud
A hybrid cloud combines elements of public and private clouds and so can provide the security that organizations require for their sensitive and private data whilst allowing them to access cost efficient scalability in the public cloud for their non-sensitive operations. For example, an organization may store all of their protected client data in systems and databases hosted on site in a private cloud as required by regulation but pull computing resource from a public cloud for their brochureware website's hosting platform.

Data Centre Expertise
The previous part of this article mentioned the benefits of a data center location in terms of the physical maintenance of servers preventing data loss. Similarly it is worth noting that both public clouds and private clouds which utilise a third party data center location for their server hosting (whilst introducing vulnerabilities in data transfer) can benefit from on-site expertise in the maintenance of software and anti-virus measures, including for example patching, to optimise both the preservation and security of data.

© Stuart Mitchell 2013

To find out more about overcoming the security challenges faced by cloud hosting you can visit this cloud hosting blog.



Cloud Vs Dedicated Hosting - Part 4: Security

Having compared cloud with traditional dedicated hosting solutions on their respective costs and performance issues in the preceding posts in this series, the final instalment provides further analysis of the two in regard to security issues.

Security

For many private and enterprise customers, security is the primary area of concern when making the switch from traditional localised computing to cloud computing solutions, particularly when it comes to the topic of hosting. Businesses that require high levels of security to be applied to their hosting platforms have traditionally flocked to dedicated hosting solutions, to avoid the vulnerabilities introduced by sharing servers with other companies or business functions. These enterprise customers have since been somewhat reticent to make the switch to cloud (despite the efficiencies mentioned previously).

Dedicated Server Security

Dedicated servers have, by design, features which are conducive to high levels of security in that they are individual platforms on discrete servers which are operated for single purposes, i.e., they do not share disk space or computing power with other services or businesses. This distinction leads to a number of security benefits in terms of both protecting access to hosted data and the preservation of that data. Both aims are served by minimising the risk of hackers or malware accessing and/or corrupting the data: with no other functions or companies sharing the hosting platform, there are fewer possible points of entry and therefore fewer security vulnerabilities on the server. What's more, a business sharing a host server with third party businesses would have no control over the effectiveness of the measures taken to secure these vulnerabilities. The dedicated model also removes the competing demands placed on the physical computing capabilities of the server by other hosting platforms, solution stacks or businesses' IT projects, meaning that there is less risk of server or network failures leading to the unavailability or loss of data.

Cloud Hosting Security

Cloud hosting platforms therefore need to re-address these issues, as they fundamentally rely on the concept of shared or pooled computing resource. Public cloud models will struggle to offer the same protection as a dedicated platform because they not only share physical hosting infrastructure across multiple virtualised hosting platforms for disparate customers, but have further vulnerabilities in that the access points to such services are across public networks. In other words, anyone can 'knock on the door', and any information being transferred between access point and server is at risk of being intercepted. Furthermore, an organisation that consumes the service has no influence or control over the trustworthiness of others who may have signed up to share these pooled resources.

Cloud computing's answer to dedicated platforms is the private cloud. This model relies on the concept of ring-fencing a pool of computing resources for the use of a single organisation to eliminate the vulnerabilities of sharing. The concept can be physically implemented in a variety of ways, but where it involves a physically distinct pool of servers it can remove the aforementioned risks of sharing with third parties. In addition, the use of a physically distinct line for access, or on-site location of the servers, can negate the risks of data being intercepted in transit or of unwanted access to the platform. However, by implementing measures such as these, organisations eliminate many of the economies of scale that make the cloud so attractive in the first place. Consequently, private clouds are often created using virtualisation to create ring-fenced virtual networks of servers, with access to them secured by technologies such as MPLS and VPN. These virtualised private clouds are becoming more and more secure, and whilst they may not quite rival the physical independence of dedicated servers or localised private clouds, there is a determination in the industry to close the gap and allow enterprise to benefit from the cost efficiencies and scalability benefits of cloud hosting without compromising on their security.

© Stuart Mitchell 2013

If you want to find out more about the respective benefits of cloud and dedicated hosting platforms then you can check out this blog from inside the cloud hosting industry.

