However, attackers do not care where exactly the data resides, on virtual or physical machines; their goal is to gain access at any cost. Therefore, the same means used in the data center can be used to protect data in the cloud. Experts identify three major areas of security: data encryption, restricting access to the data, and the ability to recover it in the event of an emergency.
In addition, experts advise paying attention to APIs. Open and unprotected interfaces can become a weak link in data protection and the main cause of vulnerability in cloud platforms.
Cloud Computing Security Challenges - Analysis and Machine Learning
As a workaround, consider AI agents. So far, artificial intelligence and machine learning frameworks for automated data protection serve to simplify routine tasks. Soon, however, they will be used to provide security in public and private cloud infrastructures.
An example of such an approach today is the open source project MineMeld, which allows threat data received from external sources to be used to generate security policies with automatic configuration changes. This solution takes into account the specific needs of a particular company. Another example is the Gurucul Cloud Analytics Platform, which uses behavioral analytics and machine learning to identify external and internal threats.
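The idea of turning external threat data into automatically applied policy can be sketched as follows. This is an added example, not MineMeld code and not part of the original article; the feed names, record fields, confidence threshold and allow list are assumptions.

```javascript
// Added example. Feed names, record fields and the threshold are assumptions.
// Constructed sample feeds using documentation addresses (RFC 5737).
const FEEDS = {
  'feed-a': [
    { indicator: '192.0.2.10', confidence: 90, expires: '2030-01-01T00:00:00Z' },
    { indicator: '198.51.100.7', confidence: 40, expires: '2030-01-01T00:00:00Z' },
  ],
  'feed-b': [
    { indicator: '198.51.100.7', confidence: 75, expires: '2030-06-01T00:00:00Z' },
    { indicator: '203.0.113.5', confidence: 80, expires: '2020-01-01T00:00:00Z' },
    { indicator: '192.0.2.1', confidence: 95, expires: '2030-01-01T00:00:00Z' },
  ],
};

// Merge feeds: drop expired entries, keep the highest confidence per indicator.
function aggregate(feeds, now) {
  const merged = new Map();
  for (const entries of Object.values(feeds)) {
    for (const e of entries) {
      const expires = Date.parse(e.expires);
      if (Number.isNaN(expires) || expires <= now) continue;
      merged.set(e.indicator, Math.max(merged.get(e.indicator) || 0, e.confidence));
    }
  }
  return merged;
}

// Policy: block confident indicators, but never an address on the allow list
// (a mistaken or poisoned feed must not be able to cut off your own gateway).
function buildBlockList(merged, minConfidence, allowList) {
  return [...merged.entries()]
    .filter(([ip, confidence]) => confidence >= minConfidence && !allowList.has(ip))
    .map(([ip]) => ip)
    .sort();
}

// Configuration change relative to the rules that are already deployed.
function diffPolicy(deployed, desired) {
  return {
    add: desired.filter((ip) => !deployed.includes(ip)),
    remove: deployed.filter((ip) => !desired.includes(ip)),
  };
}

const NOW = Date.parse('2025-01-01T00:00:00Z'); // fixed clock for a repeatable run
const desired = buildBlockList(aggregate(FEEDS, NOW), 70, new Set(['192.0.2.1']));
console.log(diffPolicy(['203.0.113.5', '192.0.2.10'], desired));
```

The diff, rather than the full list, is what gets pushed to the firewall, so expired indicators are withdrawn as well as new ones added.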
Cloud Computing Security Challenges - Encryption
Forrester Research Vice President Andras Cser is sure that encrypting absolutely all data makes no sense. Specific security policies should be introduced, and experts can be brought in to draw them up. It is necessary to find out what data is in the cloud and where the traffic goes, and only then decide what information to encrypt.
Before strengthening security measures, it is useful to estimate their value, for example by comparing the cost of introducing such measures with the possible losses from an information leak. It is also worth analyzing how encryption, access controls and user identity checks affect system performance.
Data protection can be carried out on several levels. For example, all the data that users send to the cloud may be encrypted with the AES algorithm, which provides security and anonymity. The next level of protection is encryption of the data on the cloud storage server. Cloud service providers often use multiple data centers for data storage, which has a positive effect on the integrity of the information.
Several recommendations for data encryption in the cloud can be found in this thread on Stack Exchange.
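The first level described above, encrypting data on the client before it is sent to the cloud, is shown here with the Node.js built-in crypto module. This is an added example, not part of the original article; the article names only AES, so the GCM mode, the blob layout and the function names are assumptions.

```javascript
// Added example: client-side AES-256-GCM before upload. The blob layout and the
// function names are assumptions made for this illustration.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const VERSION = 1; // blob layout: version(1) | nonce(12) | tag(16) | ciphertext

// The object name is authenticated as associated data, so a blob that is copied
// or swapped under a different name in the bucket fails to decrypt.
function encryptForUpload(key, objectName, plaintext) {
  const nonce = randomBytes(12); // never reuse a nonce under the same key
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(objectName, 'utf8'));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([Buffer.from([VERSION]), nonce, cipher.getAuthTag(), body]);
}

function decryptAfterDownload(key, objectName, blob) {
  if (blob.length < 29 || blob[0] !== VERSION) throw new Error('unsupported blob');
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(1, 13));
  decipher.setAAD(Buffer.from(objectName, 'utf8'));
  decipher.setAuthTag(blob.subarray(13, 29));
  // final() throws if the ciphertext, tag, nonce or object name was altered.
  return Buffer.concat([decipher.update(blob.subarray(29)), decipher.final()]);
}

// True when the download is rejected instead of yielding plaintext.
function isRejected(key, objectName, blob) {
  try {
    decryptAfterDownload(key, objectName, blob);
    return false;
  } catch (err) {
    return true;
  }
}

// Constructed demo: the key stays on the client (or in a KMS), only `blob` is uploaded.
function demo() {
  const key = randomBytes(32);
  const blob = encryptForUpload(key, 'reports/q1.csv', Buffer.from('id,amount\n1,100\n'));
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 0x01; // one flipped bit in storage
  return {
    roundTrip: decryptAfterDownload(key, 'reports/q1.csv', blob).toString(),
    tamperedRejected: isRejected(key, 'reports/q1.csv', tampered),
    renamedRejected: isRejected(key, 'reports/q2.csv', blob),
  };
}
console.log(demo());
```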
Cloud Computing Security Challenges - Infrastructure Monitoring
We have already talked about what kind of equipment is used in our centers. When migrating to the cloud, many customers face the need to introduce a new security strategy, since firewall settings and virtual networks have to be changed.
According to a study conducted by the analyst firm SANS, customers are concerned about the vulnerability of systems to unauthorized access (68%), application vulnerabilities (64%), malware infection (61%), social engineering and failure to comply with security regulations (59%), and internal threats (53%).
Chandra Sekar, Senior Director of Marketing at Illumio, believes that attackers can almost always find a way to break into a system. The main task, therefore, is to make sure that the attack does not spread to other vulnerable links in the chain. This is possible if the security system blocks unauthorized communication between workloads and prevents illegitimate connection requests.
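Blocking unauthorized communication between workloads amounts to a default-deny policy evaluated per connection, as in the following sketch. This is an added example, not part of the original article and not any vendor's policy format; the workload labels, rules, addresses and flow records are constructed.

```javascript
// Added example: default-deny segmentation between workloads. Labels, rules,
// addresses and flow records are constructed for this illustration.
const WORKLOADS = new Map([
  ['10.0.1.10', { role: 'web', env: 'prod' }],
  ['10.0.2.20', { role: 'app', env: 'prod' }],
  ['10.0.3.30', { role: 'db', env: 'prod' }],
  ['10.0.9.90', { role: 'app', env: 'dev' }],
]);

// The only legitimate paths; anything not listed here is blocked.
const ALLOW_RULES = [
  { from: { role: 'web' }, to: { role: 'app' }, port: 8443 },
  { from: { role: 'app' }, to: { role: 'db' }, port: 5432 },
];

const matches = (labels, selector) =>
  Object.entries(selector).every(([k, v]) => labels[k] === v);

function decide(flow) {
  const src = WORKLOADS.get(flow.src);
  const dst = WORKLOADS.get(flow.dst);
  if (!src || !dst) return { action: 'deny', reason: 'unknown workload' };
  if (src.env !== dst.env) return { action: 'deny', reason: 'cross-environment' };
  const ok = ALLOW_RULES.some(
    (r) => matches(src, r.from) && matches(dst, r.to) && r.port === flow.port);
  return ok ? { action: 'allow', reason: 'rule match' }
            : { action: 'deny', reason: 'no allow rule' };
}

// Denied attempts per source: repeated denials from one workload are a signal
// that it may be compromised and probing its neighbours.
function deniedBySource(flows) {
  const counts = {};
  for (const f of flows) {
    if (decide(f).action === 'deny') counts[f.src] = (counts[f.src] || 0) + 1;
  }
  return counts;
}

// Constructed flow records.
const FLOWS = [
  { src: '10.0.1.10', dst: '10.0.2.20', port: 8443 }, // web -> app, allowed
  { src: '10.0.2.20', dst: '10.0.3.30', port: 5432 }, // app -> db, allowed
  { src: '10.0.1.10', dst: '10.0.3.30', port: 5432 }, // web -> db directly
  { src: '10.0.1.10', dst: '10.0.2.20', port: 22 },   // web -> app over SSH
  { src: '10.0.9.90', dst: '10.0.3.30', port: 5432 }, // dev app -> prod db
];
console.log(FLOWS.map(decide), deniedBySource(FLOWS));
```

With these rules a compromised web workload can still reach the application tier on its one permitted port, but not the database or any management port.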
There are many products on the market for monitoring data center infrastructure; for example, Cisco's product line gives IT managers a complete picture of network activity. You can not only see who is connected to the network, but also set rules for users: what particular people can do and what access rights they have.
Cloud Computing Security Challenges - Automation
Another approach that can improve the reliability of the data center is integrating security systems with DevOps practices. This accelerates the deployment of applications and the implementation of changes. An adaptive security architecture integrates with automation and management tools, making changes to security settings part of the continuous deployment process.
Security in the cloud is no longer regarded separately from development and deployment; it becomes an integral part of continuous integration and continuous deployment (CI/CD). This can be supported by tools such as Jenkins plugins, with which code and security review become a standard quality assurance step.
Other vendors offer DevOps tools for security testing and monitoring: for example, SAST solutions analyze application source code in a static state to identify security vulnerabilities, and DAST solutions detect possible security vulnerabilities in the application. Several solutions for DAST and SAST can be found in this topic on Stack Exchange.
The main thing is not to put security on the back burner. Previously, product security was often handled by a separate team. But this approach increased the amount of work on the product and could not guarantee that all vulnerabilities were removed. Today security integration is happening not only in practice: special terms have appeared, such as DevOpsSec, DevSecOps and SecDevOps.
According to Jamie Tischart, chief technology officer for cloud computing and SaaS at Intel, there is a significant difference between these terms: the position of "Sec" shows the importance of security. The right option from the point of view of practical application is SecDevSecOpsSec. Security needs to be considered at every stage of any product, including cloud infrastructure.