Security Perspective on Cloud Computing

1 10 2012

There’s a lively discussion about the cloud computing. It’s getting popular before majority people even get to really understand it, no mention realizing the security problems. So what is cloud? Are you taking the advantage of it? Before the discussion about the cloud security, let’s get to know it first.

What is cloud computing?

According to NIST, cloud computing is “a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”1 It relates to several latest technologies like distributed system, utility computing, virtualization and so on. These technologies are changing the whole business model from selling physical production to service. Though it’s still a new technology, most people have enjoyed it. With drop box and Apple iCloud, People no longer have to save their data on physical disks, but only leave them on the network. Actually, big companies benefit more. With cloud, they can integrate resources on several servers, instead of installing them on every computer. It really saves them considerable expense on IT management and fix cost.

Security issues in cloud computing

What’s the bad news? Actually, there’re some highly mentioned security problems in cloud2, which prevent people getting close to it.

  • First, just like our computer administrator authority, if VM hypervisor is vulnerable, it’ll be a target of malicious people. If hackers control the hypervisor, they can manipulate customers’ private data, or provide malicious service. It charges a significant high requirement on VMs’ security capability to guarantee data confidentiality. Though many providers claimed high security level of productions, declaration was always broken.
  • Secondly, based on the implementation of cloud security itself, the more people use cloud, the more secure the cloud is. In brief, every client in the cloud net is a security monitor. The lager amount of monitors will make it easier to find an attack and send report to the server. It’s really a good implementation, but it requires collecting data from customer. Then who will be responsible for securing the data while the environment is on exposure to an attack? This is a question.
  • Finally, as a core feature of cloud: virtualization, compromises all host network flow3, which intensively attract hackers’ attention. How to take great advantage of this layer while avoiding intensive attack is a heated discussion problem.

Actually, the problems above not only present within cloud computing, they also exist in traditional datacenter network. But conventional security policy or encryption plan is not always compatible in cloud environment4. Cloud architecture requires dedicated design both in security policy and technical safeguard. Then, what’s the plan of those famous cloud providers?

  • Google claims that they split files into parts and store them in multiple files on different machines. 5Besides, with files randomly named, it’s really hard for a hacker or some malicious insider to steal certain file. Also they encrypt data and invite third party to intrude their system to test reliability. Finally, if the hardware goes bad,they will use the device called “the crusher” to destroy the data. Here’s a question, is there any plan for recovery the destroyed data or is there any backup policy?
  • Apple featured their cloud service (iCloud) by claiming that data will be encrypted both in transmission and storage.6

A Crucial Truth of Cloud Security

Whatever the providers claimed, security breach always happened. For example, online storage service drop box was hacked and led to many of its members received trash emails this August7. Then we should ask: who is responsible for cloud security? Surprisingly, it’s us, instead of service provider! NIST pointed out: “Accountability for security and privacy in public cloud deployments cannot be delegated to a cloud provider and remains an obligation for the organization to fulfill.”8

Do you have a plan for cloud security?

The statement from NIST leaves people scratching their heads about protection of data stored on a remote machine, which they don’t even know where the server is. There’re several least protections we cloud user can do to protect our data:

  • Do remember to backup important files both on cloud and local disks.
  • Do not use the same user-ID and password on different sites.
  • Do not link all of your accounts together.9

In closing, cloud computing, as a newly developed technology, will face serious challenges in a long period. It requires careful design on security policy, technical protection and related law. It will surely benefit us to a great extent and ultimately change the relationship between computer world and human being. But before that, be sure that you already have a nice plan for cloud security.

_____________

  1. 1 NIST: Special Publication 800-145. The NIST Definition of Cloud Computing. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
  2. 2 Vic Winkler. Cloud Computing: Virtual Cloud Security Concerns. TechNet Magazine, December, 2011. http://technet.microsoft.com/en-us/magazine/hh641415.aspx
  3. 3 Kathleen Hickey. Dark cloud: Study finds security risks in virtualization. March. 8, 2010. http://gcn.com/articles/2010/03/18/dark-cloud-security.aspx
  4. 4 Securing the cloud – VMware white paper. http://www.savvis.com/en- us/info_center/documents/savvis_vmw_whitepaper_0809.pdf
  5. 5 Dan Rowinski. How Dose Google Protect Your Data in the Cloud? July 22nd, 2011. http://www.readwriteweb.com/archives/how_does_google_protect_your_data_in_t he_cloud.php
  6. 6 iCloud: iCloud security and privacy overview. http://support.apple.com/kb/HT4865
  7. 7 Mark Prigg. Cloud safety: Internet storage service Drop box admits security breach as fears grow over storing information online. Mail Online, Aug 1st, 2012. http://www.dailymail.co.uk/sciencetech/article-2182229/Dropbox-Storage- service-admits-security-breach-fears-grow-storing-information-online.html
  8. 8 NIST: Special Publication 800-144. Guidelines on Security and Privacy in Public Cloud Computing. http://csrc.nist.gov/publications/nistpubs/800-144/SP800- 144.pdf
  9. 9 John D. Scutter, CNN. How to protect your cloud data from hacks. Aug. 9, 2012. http://www.cnn.com/2012/08/09/tech/web/cloud-security-tips/index.html
Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: