Please give very brief comment (5 to 7 lines) on peer’s posts
“Securing the Cloud for the Enterprise”. What do YOU believe to be the two (2) most important security considerations related to cloud deployments, and explain the main reasons why you believe such considerations to be the most important.
1] Cloud services are used privately and publicly over the Internet and it is important to get knowledge of network and security configurations. Most important security consideration according to me would be network configurations as it is exposed and vulnerable to attacks. To manage network security, malware and threats should be monitored using software driven security configurations.
2] The second threat I think should be important would be In a multi-tenant public cloud environment. There can be threat of unintended intra virtual machine exposure as VM can co-exist with a VM hosting another application.
I believe these threats as important as securing the data at rest and in transit is the most important goal of network security. Clouds have benefits but then, unsecured clouds does more harm than good to the data protection.
- The first consideration is that when you create a new virtual machine and turn it on, you’ll be adding a new operating system to your production environment. Regardless of the operating system, each running operating system has its own security risks. That means you need to be very careful that each operating system running in your virtual environment be patched, maintained, and monitored as appropriate per its intended use, just like any non-virtual operating system on your network.
- You need to be aware that the common network intrusion detection systems that are used on enterprise networks today do not necessarily work as well in a virtualized infrastructure. This is especially the case when the traffic you want to monitor is taking place between virtual machines hosted on the same virtual server or a member of a virtual server cluster or array. The result is that methods used to monitor traffic between VMs will need to use alternative methods or entirely forego network based intrusion detection system and move the detection back to the host.
- An attack from inside your organization may seem unlikely, but the insider threat does exist. Employees can use their authorized access to an organization’s cloud-based services to misuse or access information such as customer accounts, financial forms, and other sensitive information.
The cloud comes with a unique set of characteristics that make it more vulnerable