Are Your IT Applications Designed for

Cloud?

Part 1/3 of Blog Series on Cloud Security

In this three part blog series, we will examine the various challenges faced by applications

operating in the cloud environment and also find out the ways to mitigate risks to ensure smooth

and secure access to sensitive enterprise data.

Cloud computing has become an integral part of information technology with almost every

enterprise evaluating and deploying cloud solutions. The abilities of cloud technology are several

and these happen to be the major factors driving adoption of cloud services. Business managers

are increasingly moving towards cloud deployments to increase efficiencies, reduce costs and

streamline available manpower. However, the major challenge is always to find a cloud solution

that is very secure. Several companies are usually wary about handing over the application

security to an unknown entity. Although the service providers usually maintain security

standards to safeguard mission-critical data, ultimately it is always the responsibility of

enterprises to assess application security irrespective of whether it resides on a private cloud,

public cloud or even on their legacy storage systems.

Given the fact that businesses are increasingly running on the Internet, it becomes but imperative

that a host of sensitive enterprise data is at a risk of being exposed publicly. This vulnerability if

exploited by hackers can often lead to exposure of customer data, sensitive corporate data

thereby leading to significant damage to reputation and brand image or in a few cases huge

financial losses to enterprises. Recent attacks on iCloud and websites of Sony Corporation

clearly underscore the importance of securing data in the cloud. Serious case of breach of

important and sensitive data resulted in major ramifications in the Internet world prompting the

respective companies to secure their data even more securely.

Against this back drop, protecting enterprise application from security vulnerabilities is gaining

significant importance. Companies need to address this issue in the process of enhancing the

organization’s security – both in the cloud and on-premise. A report by IBM® X-force® shows

that applications continue to be targeted by attackers to exploit data. Attackers are successfully

breaching into web applications with attacks such as cross-site scripting (XSS) and SQL

insertion (SQLi). These tools make unpatched web applications and legacy systems vulnerable to

attacks and the failure to protect the data in transit from and to a web application have resulted in

data leaks of credit card information, user credentials and other private conversations. Same can

be extended to an enterprise setup where an attacker can exploit the security loopholes to extract

sensitive data.

Cloud security is closely related to application security and cloud service providers need to ramp

up the security features in the cloud infrastructure to provide enhanced security to customer data.

The inherent architecture of the cloud can be effectively used to enhance the security levels

provided for organizations. The characteristics such as workload automation, enhanced

infrastructure visibility, standardization, centralized control over identity and access and

virtualized resources can be used to mitigate the risk of unauthorized users attempting to access

data. Automatic provisioning over the cloud can help in improving forensics and reducing

surface attacks. Default encryption of data in rest and in transit coupled with controlling the flow

of data in virtual storage can help in mitigating data loss and improving the accountability.

In the next blog, we will discuss in detail the key steps in managing application security over the

cloud and how it helps your mission critical business data.

DoubleHorn offers a complimentary Cloud assessment and helps you understand the level of

security Cloud offers to your IT infrastructure. Contact us to get started with the Cloud

assessment.