As businesses realise they can make cost savings by moving both systems and services to the cloud, implications which may not be immediately obvious start to become apparent. These should be taken into consideration as part of the migration to “The Cloud”.
Do you really know who else is sharing your cloud platform and who has access to it, and how do you secure the data being kept there?
As we will discuss in an upcoming blog, there are several different flavours of cloud. In order to keep things simple we’ll just stick to the idea of a Public Cloud (i.e. one accessible by anyone, freely or by paying for access). You’ll see that this idea is in principle applicable to most cloud platforms.
In the example of Amazon Web Services (AWS) – one of the most widely used platforms – you can easily spin up a new VM (Virtual Machine) to do your bidding in a matter of minutes.
Once done, who knows what security controls are in place?
It’s the same as any other system on a network. It requires securing. It’s on a “private” network address range and is accessed via the public internet, typically over HTTPS or perhaps even SSH – secure protocols for its management, certainly. But what may not necessarily be secure is that “private” side of the network – are there other systems owned by or used by other people in “your” cloud? You simply don’t know!
In other words, that private subnet of the public cloud may be accessible to anyone and everyone who has access to any systems on that network! Would you leave any other systems open on a network used by other unknown people? I’d expect the answer to be an emphatic, loud and distinctly un-cloudy “NO!”
Those systems must be secured, as effectively as any you leave exposed to the internet at large: Firewalls, Network IPS, Host IPS, Encryption, Strong Authentication for access, and so on…
Guest Blog from axial