Open in app

Sign in

Write

Sign in

Cloud Security Tips to Address Risks

Neova Solutions
4 min readApr 29, 2020

Cloud computing offers many benefits to the organization, but these benefits are likely to be undetermined by the failure to ensure appropriate information security and privacy protection when using cloud services. The aim to provide practical reference and help organizations information technology and business decision-makers to analyze information security of cloud computing.

When considering a move to cloud computing, we should have a clear understanding of security benefits and risks associated with it.

Services are segregated in 3 categories

  1. Infrastructure as a service(IaaS)
  2. Platform as a service(PaaS)
  3. Software as a service(SaaS)

There are a number of risks associated with cloud computing that must be addressed.

Loss of governance ownership

In a public cloud deployment, customers give authority to cloud computing providers

over a number of issues that may occur, which may affect the security and privacy of sensitive data. Yet cloud service agreements may not offer a commitment to resolve such issues as a part of the cloud service provider thus leaving gaps in security and defenses.

Responsibility ambiguity

Responsibility for aspects of security and privacy is shared between the cloud service provider and customer, due to this there is a possibility of sensitive information that may remain unguarded, hence there is failure to allocate responsibilities to cloud providers and customers clearly. This split of responsibilities vary on cloud service model used like(IaaS, SaaS)

Authentication and Authorization

Despite the fact that sensitive cloud information can be accessed from anywhere, there is a serious need for a strong authentication and authorization algorithm for identity management to access the data. As there are employees, contractors, partners, and customers. And the data access layer of each category is different. Due to this reason Authentication and authorization becomes a critical concern.

Handling security incidents

The detection, reporting of subsequent management is outsourced to cloud service providers. And these incidents impact the customer. To resolve this Notification rules need to be negotiated clearly in cloud service agreement so that customers are not unaware or should be informed in an unacceptable delay

Application protection

Traditionally application was protected by security solutions knowing all physical and virtual configurations, and in trusted zones. outsourcing this responsibility of security infrastructure to cloud service providers, reconsideration of security measures over the network should be done by applying more controls to the application at the user level.

The same level of security measures should be applied at cloud by cloud service providers.

Data protection

The major concerns can be releasing personal or sensitive data, or to bear loss or unavailability of data. It is important for cloud service customers to check the data handling process of cloud service providers. This problem is worse in the situation of multiple data transfer which may result in a lack of ownership transparency in data processing.

Personal data regulation

It is common in most of the jurisdiction that personal data must be treated according to respective rules and regulations of the jurisdiction. This is something beyond the protection of personal data as well as it involves rights to, inspect, correct or delete the data and in some cases data to be transferred from one location to another. Any cloud service using personal data should meet this requirement and at the same time data should be secured

Malicious behaviors of insiders

Damage caused by malicious action of authorities working inside an organization can be substantial, given the access and authorization, this risk is compounded in a cloud computing environment. And this activity may occur from both customer organizations or cloud service provider organizations.

Service unavailability

This could be caused by hardware, software, or any network communication failures.

Lack of portability

Dependency on cloud service providers could lead customers to be tied to the service provider. This causes a lack of portability and lack of portability poses a risk of service unavailability in case any change requests occur in an application.

Insecure or incomplete data deletion

The termination of a contract with a provider may not result in the deletion of the customer’s data from the provider’s and providers’ third-party systems. Backup copies of data usually exist, and maybe mixed on the same media with other customers’ data, making it difficult to selectively erase. thus represents a higher risk to the customer.

Conclusion:

Analyzing the above-mentioned risk parameter for cloud security for migrating an application or moving data on a cloud service provider will help to minimize the risk of surface attacks and avoid substantial risks caused by data loss.

Originally published at https://www.neovasolutions.com on April 29, 2020.

Connect with us:

  1. Linkedin: https://www.linkedin.com/company/neova-solutions/
  2. Instagram: https://www.instagram.com/neovasolutions/
  3. YouTube: https://www.youtube.com/@NeovaSolutions_

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Cloud Security
Risk
Security
Cloud Computing
Information Technology
Neova Solutions
Neova Solutions

Written by Neova Solutions

2 Followers
2 Following

We transform ideas into beautiful products. Since 2007, we are empowering startups to build disruptive products that are feature-rich and robust.

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams