roger-pilney
Are Your IT Applications Designed for Cloud?
Part 1/3 of Blog Series on Cloud Security
In this three-part blog series, we will examine the challenges faced by applications operating
in the cloud and the ways to mitigate risks to ensure smooth and secure access to sensitive
enterprise data.
Cloud computing has become an integral part of information technology, with almost every
enterprise evaluating and deploying cloud solutions. Cloud technology offers several capabilities,
and these are the major factors driving adoption of cloud services. Business managers
are increasingly moving towards cloud deployments to increase efficiencies, reduce costs and
streamline available manpower. However, the major challenge is always to find a cloud solution
that is very secure. Several companies are wary of handing over application
security to an unknown entity. Although service providers usually maintain security
standards to safeguard mission-critical data, it is ultimately the responsibility of
enterprises to assess application security, irrespective of whether the application resides on a
private cloud, a public cloud or their legacy storage systems.
Given that businesses increasingly run on the Internet, a host of sensitive enterprise data is
at risk of being exposed publicly. If hackers exploit this vulnerability, customer data and
sensitive corporate data can be exposed, leading to significant damage to reputation and brand
image or, in a few cases, huge financial losses to enterprises. Recent attacks on iCloud and
websites of Sony Corporation clearly underscore the importance of securing data in the cloud.
These serious breaches of important and sensitive data had major ramifications in the Internet
world, prompting the respective companies to strengthen the protection of their data.
Against this backdrop, protecting enterprise applications from security vulnerabilities is gaining
significant importance. Companies need to address this issue as part of enhancing the
organization's security, both in the cloud and on-premise. A report by IBM® X-Force® shows
that attackers continue to target applications to get at data. Attackers are successfully
breaching web applications with attacks such as cross-site scripting (XSS) and SQL
injection (SQLi). Unpatched web applications and legacy systems are vulnerable to these
attacks, and the failure to protect data in transit to and from a web application has resulted in
leaks of credit card information, user credentials and private conversations. The same
applies to an enterprise setup, where an attacker can exploit security loopholes to extract
sensitive data.
Cloud security is closely related to application security, and cloud service providers need to ramp
up the security features in the cloud infrastructure to provide enhanced security for customer data.
The inherent architecture of the cloud can be used effectively to enhance the security levels
provided for organizations. Characteristics such as workload automation, enhanced
infrastructure visibility, standardization, centralized control over identity and access, and
virtualized resources can be used to mitigate the risk of unauthorized users attempting to access
data. Automatic provisioning over the cloud can help in improving forensics and reducing
the attack surface. Default encryption of data at rest and in transit, coupled with controlling the
flow of data in virtual storage, can help in mitigating data loss and improving accountability.
In the next blog, we will discuss in detail the key steps in managing application security over the
cloud and how it helps your mission critical business data.
DoubleHorn offers a complimentary Cloud assessment and helps you understand the level of
security Cloud offers to your IT infrastructure. Contact us to get started with the Cloud
assessment.