Security related concerns continue to act as barriers for cloud adoption by Fortune 500 organizations. The major apprehensions that are related to security in cloud computing are hijacking of account information, breach of data integrity, and data theft among others.
Need to change perception of security in public cloud
These concerns are further reinforced with data breaches that have recently hit some of the important organizations such as JPMorgan, Home Depot, and Target, just to name a few.
There are many more instances that have been adding to fear of data loss in public cloud environments. In fact, large organizations are inherently skeptical about integrity of data any environment other than their own on-site data centers that facilitate robust physical control and have established a strong bond of trust.
However, with the advent of security solutions that are based on software technology, there is a considerable shift in overall perception of security as far as storage of business critical data is concerned.
Public cloud enables implementation of impregnable security measures for protection of data. Extensive adoption of software solutions has slowly and steadily resulted in shifting of security related paradigm, which was focused on physical security provided by on-premise data centers.
Organizations that are focused on IT and security must get accustomed to the fact that they will not be able to sustain direct control over cloud’s physical infrastructure. It is prudent to leave the task of worrying about security of their apps and other digital assets in cloud environment.
The contemporary status of data is influenced by extensive distribution among millions of visitors via broad array of cloud service models including IaaS, SaaS, and PaaS in addition to private, hybrid, and public cloud. The challenges to data security can be attributed to shifting of data from traditionally secure on-premise infrastructures that characterize physical boundaries to highly extensive cloud environment that is marked by logical boundaries.
Significance of data-driven cloud controls
Implementation of robust security controls for data center layers is on topmost agenda of Cloud Service Providers. There has been a remarkable progress in logical integration of software with visibility tools, host based security mechanisms, logging solutions, and security controls for commonly deployed networks.
Notwithstanding these best practices, a vital security gap continues to be a matter of concern for cloud service providers. Data oriented security controls continue to dodge experts who are focusing on protecting the data no matter where it resides. Security measures in cloud must act independent of the underlying cloud infrastructure and should adopt a data oriented approach.
Security policies for cloud computing environment need to be designed for enabling customers with direct control and the security measures should be independent of data location. Considering the exponentially growing volume, there is hardly any point in banking on perimeters and network boundaries.
It is therefore not surprising that a large number of enterprise customers are looking forward to mitigation of security risk by compartmentalization of the attack surface so that even the memory of a Virtual Machine that runs on a hypervisor is seamlessly protected.
Sharing security burden
The complexity of security in a cloud computing environment is compounded further due to e presence of a shared responsibility model of cloud providers. The model expects cloud users to look after the security of their applications, operating systems, VMs, and the workloads that are associated with these.
Cloud service provider’s responsibility in a shared security model is only restricted to securing physical infrastructure and not beyond the level of hypervisor.
Establishing new best practices
This kind of a shared security model can create havoc with mission critical data of the organization and force the company out f business in matter of hours as was witnessed during the recent Code Spaces attack.
There is an ever growing need to establish security measures that are focused on data to free up enterprises from carrying the burden of securing apps, data, and workloads that are running in a shared security environment.
The situation demands for development of new best practices to design a data-centric security model, which can provide capabilities as mentioned ahead.
Cloud customers should be able to operate independent of Cloud Service Providers by enabling an isolated layer of virtualization that has ability to separate data as well as applications from other tenants and the Cloud Service Provider as well.
The new boundary of trust must be associated with encryption in order to ensure that the data is consistently accompanied by controls and security policies. This also obviates the need for customers to adhere to security measures designed by Cloud Service Provider.
Performance of application must not be hampered while tightening of security measures is being executed. This calls for the need to use advanced cryptographic segmentation and a high end key management system that offers exceptional security. Similarly, security measures should never become a hindrance in deployment of applications.