Solved

Cloud Infrastructure

Posted on 2016-09-09
5
128 Views
Last Modified: 2016-09-21
Could someone explain the issues in network, host, and applications levels of cloud infrastructure security?
0
Comment
Question by:K K
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 41792130
It is not really issue in the 3 areas per se of the security architecture. Instead you should ask the challenges in ensuring those domains are secured against threats such as

- data leakage or theft due to misconfiguration, infection esp for exploitation due to co-sharing of host and network in cloud vm environment and no proper security segregation of data based on sensitivity or classification

- Unauthorised access and abuse via 3rd party contractor or privileged user esp from remote access and not using any form of 2FA (rely on username and password), lack of audit trail and no proper access matrix done

- No data integrity and unable to detect tampering or hijacking attempt esp when data are not end to end encrypted and no protection when data at rest, data in transit and data in use.

- Lack of oversight of the whole posture of setup due to over reliance & manual checking with outsourced vendor, no form of regime for penetration test and vulnerability scanning to establish snapshots of security health and using no compliance outdated application/system

Key for above the cloud security architecture need a security by design strategy and always Adopt a trust but verify mindset to ascertain the claims - e.g. verified to be working as it is expected.
0
 
LVL 25

Accepted Solution

by:
madunix earned 250 total points
ID: 41792262
Cloud Deployment Models
  • Private (exclusive use by single organization);
  • Community (exclusive use by specific community);
  • Public (used by general public);
  • Hybrid (composed of two or more deployed models);


Cloud Service models
  • Software as a Service (SaaS), Example: Web mail customer uses providers applications;
  • Platform as a Service (PaaS), Example: Web service hosting; customer controls apps;
  • Infrastructure as a Service (IaaS),  Example: Linux server hosting; customer controls-operating systems, storage and applications;


Notice: It is important that you carefully review the terms of service when
evaluating a potential contract for cloud services and consider them in the
context of your organization’s security, so review contracts to ensure security and protection levels are agreed upon and ensure they have a business continuity plan (BCP) in place
0
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 41792273
Can also check out the checklist in Cloud Security Alliance Cloud Controls Matrix (CCM)

As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry.

The CSA CCM strengthens existing information security control environments by emphasizing business information security control requirements, reduces and identifies consistent security threats and vulnerabilities in the cloud, provides standardized security and operational risk management, and seeks to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.
 https://cloudsecurityalliance.org/group/cloud-controls-matrix/
0
 
LVL 25

Expert Comment

by:madunix
ID: 41792278
Look at Statement on Auditing Standards (SAS) 70 audit report; SAS 70 is an internal controls audit carried out by a third-party auditing organization. http://sas70.com/
0
 
LVL 37

Expert Comment

by:bbao
ID: 41792309
a broad question. could you please tell us your particular requirement or the things you most worry about?
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
Learn how the use of a bunch of disparate tools requiring a lot of manual attention led to a series of unfortunate backup events for one company.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question