Ensuring cloud security, performance through testing

August 9, 2012 Off By David
Object Storage

Grazed from CIOL. Author: David Schneider.

Cloud computing has become one of the most significant secular trends within technology, and we believe the outcomes are just beginning to be felt across the industry.

A recent Forrester report predicted that the global cloud computing market will grow from $40.7 billion in 2011 to $241 billion by 2020. All round savings including cost efficiency, asset optimization, lower upfront investment, flexibility, ease of maintenance in all aspects of IT’s hard and soft costs, are driving more and more businesses to adopt the cloud.

Cloud computing allows businesses to shift large chunks of budgetary excel spreadsheet from a capex to an opex model, paying only for what they use…

While cloud computing is believed to improve business processes and increase company effectiveness, security in the cloud continues to remain a global challenge, particularly as more and more critical functions are migrated. According to an IDC ‘IT Cloud Services User Survey’, 74 per cent of IT executives and CIOs have cited security as the top challenge prevent­ing their adoption of the cloud services model.

Gartner’s report, ‘Top End User Predictions for 2012 and Beyond’, cites that by 2016 the financial impact of cybercrime will be growing at a rate of 10 per cent annually and by the same year, 40 per cent of enterprises will make proof of independent security testing a prerequisite for using any type of cloud services.

Cloud vendors rely significantly on their reputation, so it is important that they have consistent & dependable security procedures in place and implement the latest technology to safeguard client data. Trusted security is now the most important unique selling proposition and differentiator for cloud vendors.

Recent trends in cloud computing demonstrate that the architecture has matured and offers distinct advantages for cyber security defense. New cyber security, IT service management products & innovative security testing methods are emerging to provide real-time, deep insight of metrics collected in the cloud computing infrastructure.

Cloud Security Risks and Opportunities

The security offered by a cloud service provider can be better or worse than that offered by an in-house data center. Physical security may be better implemented, but certainly involves a larger number of people.

Enterprise data centers are generally protected from outside security threats through the use of firewalls and other security appliances. There are many “doors” for applications running in the cloud. The software components of applications can run on potentially dozens of computers located in one or more data centers. They are connected through networks that are accessible from the Internet or other applications running in the cloud data centers.

Liberal use of virtual LANs (VLANs) and virtualized versions of the firewall and other security components are available to protect data in transit, but must be carefully implemented to ensure that all of the “doors” have guards.

The real security risk associated with running in the cloud is the enabling technology itself: virtualization. The economics of cloud computing derive from the inherent sharing of computer, main memory, storage, and network resources. This sharing means that multiple enterprises have Virtual Machines (VM) running side-by-side on the same host, that their data may exist on the same volume, and that their data might be sent across the same network.

The process of virtualization introduces new avenues of attack for the hacker. The process of virtualization and networking require new components that increase exposure: the hypervisor, an administration VM, a virtual switch, a virtualization server and console, a management server and console, and new system administrators.