There is a misconception that The Cloud is something new. It isn’t. The Cloud has been around for a long time; we just didn’t call it The Cloud. In part one of his blog series, Steve from Studio Mashbo has the lowdown on cloud security.
Ever-growing speeds and reliability have paved the way for more and more services being hosted remotely and accessed anywhere. Mobile data has meant that these services can be accessed while on the move. You don’t have to sit and watch the world whizz by on a train any more while sipping a coffee. You don’t have to take a day off to wait in for someone to fix your boiler. You can work from anywhere and you’re able to be productive and get things done.
One barrier to entry is security and the mysteries and horror stories that surround it. Companies are reluctant to store their data in The Cloud because it introduces an avenue for the morally misaligned internet toad to pinch it.
It is scary to think about an unauthorised person getting access to information about your customers, but this can happen whether you use the cloud or not. It’s on the internet. It’s vulnerable. You cannot be complacent when dealing with other people’s data.
If you have a computer connected to the internet, whether it is ‘part of the cloud’ or not, it is vulnerable to attack. It’s your duty to make sure that only the right people have access to it and there are plenty of services and resources to help you do it.
Cloud Service Providers have developed many tools to help mitigate these risks at the various entry points to your application. All of these are well-established technologies and processes, but they have been made simple to implement in your online infrastructure. The Cloud Service Providers are your Experience as a Service, to coin yet another ‘aaS’ acronym. They deal with the finer details and technicalities of configuring these things, leaving you to concentrate on the higher-level, business-critical objectives like serving your customers.
There are a couple of avenues through which someone could illegally access your data – and there are different things you can do to prevent this, depending on how you look at it. You can put a firewall in place to stop unwanted traffic hitting your application in the first place. The firewall can be configured to detect commonly known exploits and stop them at the source before they even have a chance of finding a way to your data.
If by some unfortunate circumstance someone gets through the initial security layers, there are still things you can do to protect your customers. You’re able to encrypt all of your data when it’s at rest, i.e. while it is stored rather than being used. This means that even if someone got hold of one of your files, they wouldn’t be able to read what was in it.
You can go further still. You can encrypt your data in transit, so that it stays encrypted until it reaches its intended recipient. Even if someone intercepts it on the way (a Man in the Middle attack), all they see is ciphertext, and your data would still be safe.
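The at-rest protection described in the two paragraphs above, as an added example written for this page (it is not code from the original post or from any provider's toolkit): a record is sealed with AES-256-GCM under a randomly generated key, the stored blob no longer contains the plaintext, and because GCM authenticates what it encrypts, a blob that has been altered in storage or on the wire is rejected rather than decrypted to garbage. The function names `Seal`, `Open`, `NewKey` and `Tampered`, the key handling and the sample record are this example's own assumptions; in practice the key lives in the provider's key management service, and transport encryption is normally provided by TLS rather than by hand-rolled code like this.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Seal encrypts plaintext under a 32-byte key with AES-256-GCM.
// A random 12-byte nonce is prepended to the output so Open can recover it.
// GCM also appends an authentication tag, so any modification of the stored
// or transmitted blob is detected on decryption.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce slice.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal. It returns an error if the key is wrong or the blob
// has been altered by even a single bit.
func Open(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// NewKey generates a fresh 256-bit key. In a real deployment the key is held
// by the provider's key management service, never beside the data it protects.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Tampered flips one bit in a copy of blob, simulating corruption on disk or
// modification in transit.
func Tampered(blob []byte) []byte {
	out := append([]byte(nil), blob...)
	if len(out) > 0 {
		out[len(out)-1] ^= 0x01
	}
	return out
}

func main() {
	key, _ := NewKey()
	record := []byte("customer=alice;card=****1234") // constructed sample record
	blob, _ := Seal(key, record)
	fmt.Printf("stored blob is %d bytes; contains plaintext: %v\n",
		len(blob), bytes.Contains(blob, record))
	back, err := Open(key, blob)
	fmt.Printf("decrypted with the right key: %q (err=%v)\n", back, err)
	_, err = Open(key, Tampered(blob))
	fmt.Printf("tampered blob rejected: %v\n", err != nil)
}
```

The important design choice is the authenticated mode: plain AES-CBC without a MAC would hide the contents just as well but would happily "decrypt" a modified blob, so an attacker who reaches the storage could alter records without anyone noticing.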
Even with these security measures in place, you need to know if someone is attacking your site. You want to identify these situations quickly and close the loophole as fast as possible. Again, cloud-based Infrastructure as a Service lets you deal with this efficiently and with less technical and maintenance know-how.
There are tools that will identify patterns within access and error logs that can flag a problem. You can run inspection tools to find potential exploitable code or infrastructure configurations that may be making your application vulnerable, even before anyone attempts to take advantage. All these can be set up with appropriate alerts, so your application is monitored and protected 24 hours a day.
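The log-pattern detection the paragraph above refers to, as an added example written for this page rather than code from the original post or from any monitoring product: a handful of constructed access-log lines are parsed, and any client that receives a burst of error responses (a run of 401s against a login page, say) within a sliding time window is turned into an alert. The log lines, the addresses (documentation ranges), the threshold and the names `ParseLine`, `FindErrorBursts` and `Analyse` are all this example's own assumptions; a real deployment would feed the provider's log stream into the same kind of rule and route the alerts to whoever is on call.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
	"time"
)

// Entry is one parsed access-log record.
type Entry struct {
	IP     string
	When   time.Time
	Method string
	Path   string
	Status int
}

// lineRe matches the common log format with a bracketed timestamp, e.g.
// 203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 401 512
var lineRe = regexp.MustCompile(`^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$`)

const tsLayout = "02/Jan/2006:15:04:05 -0700"

// ParseLine returns ok=false for lines that do not match; the caller counts
// those, because a sudden rise in unparseable lines is itself worth a look.
func ParseLine(line string) (Entry, bool) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return Entry{}, false
	}
	when, err := time.Parse(tsLayout, m[2])
	if err != nil {
		return Entry{}, false
	}
	status, _ := strconv.Atoi(m[5]) // \d{3} guarantees this parses
	return Entry{IP: m[1], When: when, Method: m[3], Path: m[4], Status: status}, true
}

// Alert names a client that produced too many error responses in a window.
type Alert struct {
	IP     string
	Count  int
	Window time.Duration
}

// FindErrorBursts raises one alert per client IP that received at least
// threshold responses with status >= 400 inside any window of the given
// length. Entries may arrive in any order.
func FindErrorBursts(entries []Entry, window time.Duration, threshold int) []Alert {
	byIP := map[string][]time.Time{}
	for _, e := range entries {
		if e.Status >= 400 {
			byIP[e.IP] = append(byIP[e.IP], e.When)
		}
	}
	var alerts []Alert
	for ip, times := range byIP {
		sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
		best, start := 0, 0
		for end := range times {
			for times[end].Sub(times[start]) > window { // shrink until it fits
				start++
			}
			if n := end - start + 1; n > best {
				best = n
			}
		}
		if best >= threshold {
			alerts = append(alerts, Alert{IP: ip, Count: best, Window: window})
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].IP < alerts[j].IP })
	return alerts
}

// sampleLog is constructed for this example; the addresses are documentation
// ranges, not real hosts. The last line is deliberately malformed.
const sampleLog = `203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.2 - - [10/Oct/2023:13:55:41 +0000] "GET / HTTP/1.1" 200 2048
198.51.100.2 - - [10/Oct/2023:13:55:42 +0000] "GET /missing HTTP/1.1" 404 128
198.51.100.2 - - [10/Oct/2023:14:30:00 +0000] "GET /old HTTP/1.1" 404 128
garbage line that does not parse`

// Analyse parses a log blob and returns the alerts plus the count of lines
// that could not be parsed.
func Analyse(log string, window time.Duration, threshold int) ([]Alert, int) {
	var entries []Entry
	bad := 0
	for _, line := range strings.Split(log, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		e, ok := ParseLine(line)
		if !ok {
			bad++
			continue
		}
		entries = append(entries, e)
	}
	return FindErrorBursts(entries, window, threshold), bad
}

func main() {
	alerts, bad := Analyse(sampleLog, time.Minute, 5)
	for _, a := range alerts {
		fmt.Printf("ALERT %s: %d error responses within %s\n", a.IP, a.Count, a.Window)
	}
	fmt.Printf("%d unparseable line(s)\n", bad)
}
```

With a one-minute window and a threshold of five, only the client hammering the login page is flagged; the other client's two 404s half an hour apart stay below the bar. Tuning the window and threshold is the whole job: too tight and you page people for ordinary typos, too loose and a patient attacker never trips the rule.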
I’ve touched upon a few tools that can be used, but there is so much more you can do. If you feel that the virtualised environment is too much of a risk, for example because an attacker might manage to penetrate the hypervisor that underpins the virtual servers, then you can deploy a dedicated machine within the cloud instead. These kinds of considerations come down to analysing how likely it is that someone could do this, and would want to.
I’m writing this as if these are only possible to implement if you use a cloud provider, but these things have been around for years. They have just been more difficult to set up and take advantage of.
The cloud is no less secure than a self-hosted machine. In fact, it’s arguably more secure, given the amount of technical resource devoted to keeping the infrastructure the cloud lives in up to date and secure.