The potential and danger of the cloud, David Owen, BAE Systems Detica

David Owen, Direct Strategy and Major Client Group, BAE Systems Detica

Hosting network services on Cloud platforms is becoming increasingly popular, which brings both benefits and risks. There are a few things to look out for when moving to the Cloud.

• It is important to look for security features such as a high-end firewall and IDS when choosing a Cloud provider. Also, make sure the provider undertakes regular security testing of the environment and that these results can be validated against your expectations. Make sure the security model fits with your enterprise security architecture.

• Think about the services you are planning to host on the Cloud. Do not be tempted to overcommit just for ease of use and low cost.

• Be aware of a possible botCloud attack (a botCloud is a group of Cloud instances that are commanded and controlled by a malicious entity to initiate cyber-attacks). The traffic that is coming from public Cloud providers might not be safe.
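
As an added illustration of the botCloud point above (not part of the original article), this Python example tags inbound connections by Cloud origin and flags any service contacted by several distinct instances of the same provider. The provider labels, address ranges, log format, function names and threshold are all assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed placeholder ranges (RFC 5737 documentation blocks). In practice,
# load the address ranges that each public Cloud provider publishes.
CLOUD_RANGES = {
    "provider-a": ["192.0.2.0/24"],
    "provider-b": ["198.51.100.0/24"],
}

# Constructed sample log: "<timestamp> <source-ip> <destination-service>"
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 192.0.2.10 web-login
2024-01-01T10:00:01Z 192.0.2.11 web-login
2024-01-01T10:00:02Z 192.0.2.12 web-login
2024-01-01T10:00:02Z 192.0.2.10 web-login
2024-01-01T10:00:03Z 203.0.113.7 web-login
2024-01-01T10:00:04Z 198.51.100.5 api
not-a-valid-line
"""

NETWORKS = [(name, ipaddress.ip_network(cidr))
            for name, cidrs in CLOUD_RANGES.items() for cidr in cidrs]

def cloud_origin(ip_text):
    """Return the provider label whose range contains ip_text, else None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # not an IP address at all
    for name, net in NETWORKS:
        if ip in net:
            return name
    return None

def suspected_botcloud(log_text, min_instances=3):
    """Map (provider, service) -> sorted source IPs for every service hit by
    at least min_instances distinct Cloud-hosted sources of one provider."""
    sources = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        provider = cloud_origin(fields[1])
        if provider:
            sources[(provider, fields[2])].add(fields[1])
    return {key: sorted(ips) for key, ips in sources.items()
            if len(ips) >= min_instances}
```

A hit from this check is a prompt for closer inspection or rate limiting, not proof of an attack, since legitimate services also run on public Cloud addresses.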

The good about Cloud…

• Infrastructure maintained away from end-user community.

• Infrastructure maintained by specialists.

• Shared cost allows for increased investment in security.

• An increasing amount of information is available to help with your assessment of risk.

• Providers can mitigate some security risks (e.g. DDoS) more effectively than you could on your own.

The bad about Cloud …

• Loss of visibility of what happens to company data – auditability.

• Increased reliance on third parties facilitating access to the Cloud (e.g. your ISP, your Telco).

• You can’t choose your neighbours.

• Limited ability to verify security controls are being effectively applied.

• Proprietary formats and the inability to extract data may lead to vendor lock-in.

The maybe about Cloud…

• Any time / any place access introduces specific issues related to the appropriateness of material in specific geographic locations.

• It doesn’t fix the ‘people’ aspect of security risk – which is how most compromises occur.

• Controls implemented in a Cloud environment aren’t straightforward and may not map to the risk you’re trying to address.
