5 (more) key cloud security issues

September 26, 2012 Off By David

Grazed from CSO. Author: John Kinsella.

As we’re adopting cloud computing, we’re more aware of the security concerns it raises than we were of issues created by other large-scale technologies we adopted in the past. This is a wonderful thing! But security nirvana has yet not been achieved. While there’s still plenty of room for cloud providers to improve, many aspects of cloud security must be the responsibility of the consumer.

In particular, I see five security-related issues with cloud computing that are critical to the success and security of a cloud-based project—and that are not always getting the full consideration they deserve…

1 Internal clouds are not inherently secure.
In the past year, many organizations have foregone using public clouds, choosing instead to build private clouds behind their firewalls. This may be the best solution for risk-averse groups.

These teams, though, need to understand that just because they’ve built a cloud inside their firewall doesn’t mean that their solution is safe. It still takes just one bad apple to spoil the barrel—a single department, user or application that is not behaving as it should. An organization that is risk-averse enough to avoid the public cloud should be building a secure cloud—possibly the company should be building its dream cloud, which contains all the security controls that it thinks are missing from a public environment. Since the company physically owns the private cloud, incident response can be very swift. Detection capabilities need to be cloud-specific (for example, sensors need to monitor inside the cloud, not just at its perimeter) and operational capabilities such as patch management must be sharp. A vulnerable service that’s in a cloud might have greater exposure and risk than the same service in a standard server farm thanks to the shared nature of cloud resources…

Read more from the source @ http://www.csoonline.com/article/717307/5-more-key-cloud-security-issues