How to mitigate risk in the public cloud
Public clouds are a great way of connecting users around the world with a wide range of resources without needing to purchase software, hardware and supporting infrastructure. However, even with big names such as Amazon Web Services and Microsoft Azure, there are potential risks to using public cloud services.
Hackers can easily take advantage of developments in cryptoanalysis tools.
The issue of going public
Encryption is the key to protecting data integrity and confidentiality. If a cryptographic algorithm isn’t sufficient, hackers are easily able to take advantage of developments in cryptanalysis tools to attack insecure data.
Threshold policies on the other hand are only effective if they cover user and data requests as well as instance resources among other things. The use of public cloud services should never result in security compromises, which could open loopholes for malicious activities.
Load balances are used to even out data request capacity and should be kept around 50 per cent. If there’s malicious code running a virtual attack though, there’s a high chance the system will be overloaded, which in turn can result in a complete breakdown of communication, rendering the server useless.
Underlying hypervisors enable multiple, trusted operating systems to use the same hardware host. Naturally, if there’s a flaw in the security of a hypervisor, virtually anyone can have access to the shared hardware, making all other users vulnerable to exploitation and theft.
Tackling the problem
Risk mitigation needs to be a holistic approach. From an initial assessment of possible issues to implementing virtual and physical infrastructure, cloud security is essentially an extension of data management. There are three major aspects to cloud security:
1. Virtual private cloud (VPC)
VPC is concerned with the logical isolation of a pool of resources from the public cloud. Access from non-approved users is disabled.
2. Firewalls
By controlling incoming and outgoing traffic, firewalls filter data flows according to specified rules. Through this, cloud providers can fend off any data stimuli that aren’t deemed safe.
3. Centralised access
Identity-based usage is tied to centralised access to the cloud for both VPC and firewalls. By using VPN gateways, data flows to and from an isolated cloud with a public IP address. This in turn offers protection against IP spoofing and enables better encryption.
Telarus and security
At Telarus we’re experts in providing public, private and hybrid cloud solutions.
Get in touch with our team today to learn more about which solution will work best for your business and how we can help you have the best of both worlds: access and security.