A major concern for most enterprises considering cloud computing services is security in the cloud. Relatively untested and often in their infancy, cloud providers still have to prove that they can fully protect data in a cloud computing environment. But if you're one of those organizations that has already made the cloud computing plunge, we have some expert advice that will help lock down the privacy of your systems.
This collection of tips on cloud computing security from contributor Phil Cox details how to secure your cloud services, no matter what they may be, and offers guidance on keeping your data safe from intrusion and any vulnerabilities in your underlying operating system or domain name system.
OUR TIP SERIES ON CLOUD SECURITY
Five requirements for deploying an application in a public cloud
These five requirements, one of which is the application's data security, should be met before moving an application to the public cloud.
How to use Software as a Service securely
While the general security needs of Software as a Service (SaaS) are taken care of by the service's provider, make sure that issues like insecure credentials do not threaten your system's privacy.
How to use Platform as a Service securely
Monitor and mitigate these known vulnerabilities when working with Platform as a Service (PaaS), including lax default application configurations and holes in Secure Sockets Layer (SSL) protocols.
Dealing with IaaS remote management security threats
Using remote management options like virtual private networks (VPN) and remote desktops in conjunction with IaaS can lead to poor credentials, implementation flaws and other threats that must be mitigated.
Protecting IaaS from domain name system threats
Keep IaaS as secure as possible by understanding and resolving any IP-related threats that stem from the domain name system.
Securing data in the cloud
Guarantee the security of your data in the cloud by classifying and storing it under the proper protection requirements.
Understanding cloud compliance issues
Be sure to ask the right questions when it comes to cloud computing and compliance concerns, as moving to the cloud can impact an organization's ability to comply with its previous regulations and standards.
Is PCI compliance attainable in a public cloud?
Can you reach PCI DSS compliance in a public cloud? The answer is yes, but there are several cloud-related nuances that PCI DSS does not address. Find out the requirements you'll need to follow to stay compliant.
Intrusion detection in a cloud computing environment
Find out how intrusion detection is performed on SaaS, PaaS and IaaS, along with whether or not your cloud computing environment has the appropriate intrusion detection systems necessary to detect and respond to attacks.
ABOUT THE AUTHOR:
Phil Cox is a principal consultant of SystemExperts Corporation, a consulting firm that specializes in system security and management. He is a well-known authority in the areas of system integration and security.
His experience includes Windows, UNIX, and IP-based networks integration, firewall design and implementation and ISO 17799 and PCI compliance. Phil frequently writes and lectures on issues dealing with heterogeneous system integration and compliance with PCI-DSS. He is the lead author of Windows 2000 Security Handbook Second Edition (Osborne McGraw-Hill) and contributing author for Windows NT/2000 Network Security (Macmillan Technical Publishing).
Phil holds a BS in Computer Science from the College of Charleston
This was first published in April 2010