As cloud computing grows into an integral part of almost every information technology (IT) department, the question of security and the cloud remains prevalent in the minds of many IT professionals. The year 2011 was a banner year for cyber attacks and data breaches, and with cloud computing bringing information from various IT departments under a single physical server, the risks going forward are even greater. As cloud computing security research expands, new solutions will certainly evolve and help data centers better manage the information under their purview, but until then, IT managers need to be aware of the potential pitfalls when utilizing public and private clouds.
Virtualization is, by nature, less secure than running each server on its own physical machine. When using a hypervisor to manage a server, even the simple act of configuring the hypervisor could result in access points where the server could be breached. While major hypervisor platforms all come with a set of guidelines to effectively harden the server, these guidelines are not always followed as they should be. In addition to hypervisor concerns, the act of running multiple hypervisors, from multiple companies and often using vastly different software, on a single server results in another set of security issues. Even if the hypervisors are configured correctly, the risk of data intermingling or loss remains present.
Moving beyond the natural risks involved with running multiple virtual machines on a single piece of hardware, the cloud has even more advanced security issues. As information has to move between servers it becomes exposed to the possibility of attack or loss and even encryption is not enough to guarantee its safety. Even when the data is at rest, because the virtual machine is simply a set of files, it is often possible for attackers to break through the minimal security on the machine and access the information.
Over time, the cloud has certainly become more secure than it is now, and some companies have already begun to make it so. Partners like highcloudsecurity.com make it possible to secure virtual servers from the start. This security allows data to be protected in storage, transit and in backups and works well in both private and public clouds. The right cloud security solution will also provide security-hardened key management that’s policy-based, but still easy to configure and use.
While this risk will always remain at large, there are multiple ways to protect yourself, and your data from this cloud computing security risks. Check out our post: How to Ensure High Cloud Security for tips on dealing with these risks.