Menu

Tag Archives:
CSA

Home / Blog / Tag: CSA

5 Top Recommendations for Public Cloud Protection

5 Top Recommendations for Public Cloud Protection

Public cloud storage provides virtually unlimited capacity to users on-demand, accessible via the web, in a free or paid per use capacity. The most prominent examples of public cloud storage are Google Apps, Office 365, file sharing applications such as Dropbox, and so on.

From a legal perspective, security aspects of cloud storage especially arise with regard to data protection regulations. Data protection law is focused on the protection of the data of individuals, their right to storing, processing, and use. In data protection law, particularly relevant roles are the data subject, it’s the one who needs to be protected, the controller aka cloud user, the processor means the cloud application provider, and the subcontractor of the processor which is the cloud storage provider. As Increasingly, hackers are gaining access to the public cloud resources of businesses and organizations due to the careless handling of the keys access of authorized users, companies must know how to protect sensitive information contained in scripts or configuration files by carefully planning the security and privacy aspects of cloud computing solutions before engaging them.

 

Here below are the top 5 recommendations for public cloud users to protect their data from misuse:

 

  • Understand the public cloud computing environment offered by the cloud provider

This buy cheapest viagra of all places should be spotless and exemplary. People suffering from joint pain must avoid the browse that store brand viagra prices use of dairy products, citrus, meat, vegetable oils etc. The other common drug used for Erectile dysfunction is the failure to attain or complete an erection in order to get and give sexual pleasure tadalafil canada mastercard http://appalachianmagazine.com/2015/11/11/5-west-virginia-veterans-who-embody-the-mountaineer-spirit/ to his partner. In a 1-mg dose it is Propecia, prescribed for tadalafil no rx hair loss.
 

The responsibilities of both the organization and the cloud provider vary depending on the service model. Organizations using cloud services must understand their responsibilities over the public computing environment and the implications for security and privacy. The cloud provider support and investment in data security or privacy should be verified before any collaboration. If you understand well enough the policies, procedures, and technical controls used by a cloud provider you can calculate the security and privacy risks involved. By having a complete picture of the protection provided by the security and privacy controls, organizations can improve the ability to assess and manage risk accurately, including mitigating risk by employing appropriate techniques and procedures for the continuous monitoring of the security state of the system.

 

  • Evaluate your organizational security and privacy requirements

 

A public cloud provider’s security package isn’t custom-made specifically for an organization’s security and privacy needs. Therefore, from a risk perspective, organizations must be well informed if their selected public cloud computing solution is configurable, deployable, and manageable to meet their security, privacy, and other requirements. Organizations can also have negotiated agreements about security and privacy details, such as the vetting of employees, data ownership and exit rights, breach notification, data encryption, tracking and reporting service effectiveness, compliance with laws and regulations, etc. With the growing number of cloud providers and the range of services from which to choose, organizations must pay attention when selecting and moving functions to the cloud.

 

  • Ensure that the client-side computing environment meets organizational security and privacy requirements for cloud computing

 

Cloud computing encompasses both a server and a client-side. Services from different cloud providers, as well as cloud-based applications developed by the organization, can impose more exciting demands on the client, which may have implications for security and privacy that need to be taken into consideration.

Because of their practical use, web browsers are a key element for client-side access to cloud computing services. Clients may also run a small lightweight application on the desktop and mobile devices to access services. The numerous available plug-ins and extensions for Web browsers are well-known for their security problems. Many browser add-ons also do not provide automatic updates, increasing the persistence of any existing vulnerabilities.

Having a backdoor Trojan, keystroke logger, or another type of malware running on a client device undermines the security and privacy of public cloud services as well as other Internet-facing public services accessed. As part of the overall cloud computing security architecture, organizations should review existing security and privacy measures and employ additional ones, if necessary, to secure the client-side.

 

  • ID and rights management:

 

Identity and authorization management is a major part of access control. A cloud service provider should make these secure using suitable organizational, personnel, and technical measures. If not done correctly, hackers can easily find these unprotected keys and gain direct access to the exposed cloud environment they use for data theft, account takeover, and resource exploitation. The damage can reach 4-5 digit amounts per day. For this reason, all Cloud Computing platforms should support identity management. The basis for this support can be either that a service provider supplies the customer with an ID management system themselves, or that they supply interfaces to external identity providers.

 

  • Early detection is crucial

 

There are those who believe the attackers have already “won,” and thus choose to implement a detection and remediation approach. However, with complete awareness of your environment, a prevention attitude is indeed possible. Therefore, the final step is to implement that monitors any activity for potentially harmful behavior. Implementing detection measures that look for correlate and warn against potentially malicious behavioral indicators will help detect hackers early enough before they can do more damage. Applying application-specific threat prevention policies to allowed application flows is a key step in adhering to a prevention philosophy. Application-specific threat prevention policies can block known threats, including vulnerability exploits, malware, and malware-generated command-and-control traffic.

 

Organizations are using the public cloud to achieve more efficient time to market and improve the overall business. However, when executives create business strategies, cloud technologies and cloud service providers (CSP) must be considered. Developing a good roadmap and checklist for due diligence when evaluating technologies and CSPs is essential for the greatest chance of success. An organization that hurries to choose CSPs without a case study, exposes itself to commercial, financial, technical, legal, and compliance risks that jeopardize its success.

 

Sources :

Top 12 Cloud Computing Security Threats

cloud computing security

Due to cloud computing exponential growth, its benefits are now obvious.The most notable are, reduction of maintenance costs of its IT infrastructure, Reduction of energy consumption, the rapidity of sharing data with one or more other users of CC. Possibility of creating a collaborative virtual platform.

 

However, front all the possibilities offered by this new concept, cloud computing has created new security challenges. Still some enterprises are reluctant to in CC adoption mostly because of the safety factor which is still a challenge.

 

Just to remind, cloud computing is an IT approach that operates over the Internet (or any other WAN). It’s a type of Internet based computing where different services such as servers, applications, storage, collaboration and administration tools, etc. are delivered to any organization’s computers and devices through the Internet.

 

Seeing both the promises of cloud computing, and the risks associated with it, the Cloud Security Alliance (CSA) and the Information Systems Audit and Control Association (ISACA) has created several studies in which they have identified 12 points which are the major threats to data security and cloud applications. Let’s have a look to it.

 

  1. Leakage of that kind of information which wasn’t intended for public due to the existence of Data Breaches.
  2. The fragility in Identity, Credential and Access Management, although some providers prioritize authentication interfaces with other ways such as certificates, smart cards, OTP technology phone authentication, and many others;
  3. Using Insecure interfaces and APIs that customers can use to interact with cloud services
  4. Exploit of System Vulnerabilities in operating systems on servers in clouds or even in hosted applications
  5. Accounts or services Hijacking via software vulnerabilities
  6. Risk caused by Malicious Insiders are not new. It can be a person of management team who has enough access to privacy or secured data that he can easily to misuse it.
  7. Advanced Persistent Threats (APTs) consist of a form of attack where the hacker manages to install somehow a file in the internal network of an organization and can put his hands on important or confidential data of the organization. This type of attack are really difficult to detect for a cloud service provider.
  8. Data loss can be caused by a virus attack of Datacenter, a physical attack (fire or bombing), natural disaster, or even just to a human factor in the service provider, eg in case company’s bankruptcy. The thought of losing all data is really terrifying for both businesses and consumers!
  9. The shortcomings in the internal strategies of adoption or transition to the cloud technologies. Companies or organizations often doesn’t take into account all the safety factors related to their operation before subscribing to a cloud service.
  10. Abuse and Nefarious Use of Cloud Services via accounts created during the evaluation periods (most ISPs offer free 30-day trial) or purchased fraudulently access.
  11. Denial-of-Service is the kind of attack that is meant to limit the acces on data or services by excessive consumption of resources such as processors, memory or network. The idea for the hacker is to succeed in overloading Datacenter resources to prevent other users to use services.
  12. The faults related to the Shared Technology issues can cause problems in the internal architecture of the cloud and eternal interface architecture with users.

 

These twelve points, as mentioned above, could further reinforce the paranoid in their doubt regarding cloud, but will mainly encourage users (individuals and businesses) to be more demanding on service levels (SLA: Service Level Agreement) conclude with suppliers.

 

Sources:

 

By levitra samples Continued using a legitimate and licensed online pharmacy, such as Epillsrx.com. It is a low dosage oral treatment which dissolves in the systemic circulation and increases blood flow to the penile organ for an erection; any hindrance in this process cialis tadalafil 10mg can affect the erectile function. It is a simple solution that reaps far-reaching benefits for children who have sensory integration dysfunction. wholesale cialis continue reading here Taking propecia may also have more sildenafil for women serious side effects such as those caused by sildenafil citrate.

Cheap Tents On Trucks Bird Watching Wildlife Photography Outdoor Hunting Camouflage 2 to 3 Person Hide Pop UP Tent Pop Up Play Dinosaur Tent for Kids Realistic Design Kids Tent Indoor Games House Toys House For Children