Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Securing the cloud layer by layer

1 May 2015 Infrastructure, Integrated Solutions

By AJ Hartenberg, portfolio manager: data centre services at T-Systems in South Africa.

Security has typically been, and continues to be, one of the major areas of concern for organisations contemplating a move into the cloud, and for good reason. Security breaches can have far-reaching consequences that could cripple a business, and legislative compliance issues add further complications. However, security challenges, particularly regarding the public cloud, have led to a misconception that a private cloud is the most secure offering.

AJ Hartenberg, portfolio manager: data centre services at T-Systems in South Africa.
AJ Hartenberg, portfolio manager: data centre services at T-Systems in South Africa.

The perception that the private cloud is less vulnerable to security breaches is a risky one, as the reality is that the cloud, like any IT environment, is only as secure as it is made to be. Outsourcing to a specialist cloud provider, on the other hand, carries significantly reduced risk, as these providers have more extensive resources and expertise, and often are at the forefront of security practices. Securing the cloud, whether this is private or outsourced, requires a layer-by-layer approach to minimise vulnerability. Whether organisations opt for the private model, or take the decision to outsource to a specialist, there are many security factors that need to be considered.

One of the very first security aspects, and one that is so simple it is often overlooked, is access rights to elements within the actual cloud platform. If user IDs and passwords are not secure, the entire environment could potentially be compromised. If users have access to areas they should not, vulnerabilities are created. As a result, the first layer of cloud security should be to create stringent rules around passwords, from characteristics of the password to enforcing regular password changes, to ensuring appropriate levels of access for users.

In addition, it is essential to apply different levels of security at different stages within the cloud platform, to secure all layers from the physical environment to the various cloud components. This includes the hypervisor layer, which incorporates a variety of different components that must be secured. In addition, the different layers should be segregated to prevent users from being able to penetrate from one area to another or break out of the various layers. Securing network access is also essential, including aspects such as intrusion prevention services (IPS), properly configured firewalls, network switch configuration and more.

Management still applies

These elements are similar to those required to secure any IT environment, however, the cloud serves to exacerbate the problems of not having adequate security. In a cloud environment, the entire system is at risk if security is ineffective, and in fact practically all systems are easily accessible if passwords can be hacked, traced or broken. This is why segregation is so important – to ensure that even if one system is breached, the entire system is not compromised. If this is not done correctly, a single misplaced or unsecured password could result in a person with malicious intent accessing everything from HR and finance to sensitive company information and strategic documentation. End user passwords remain the single most overlooked element of security, and must be secured.

In addition, organisations should ensure that strict operating system access rights are applied to ensure users cannot access file systems they do not need to access. This needs to be implemented at a file level, with permissions to read, write, create files and so on, to minimise damage should a breach occur. Access to applications should be controlled via two-factor authentication – using a password as well as an additional means of clarification – and access rights should only be granted as necessary.

For example, a marketing employee does not need to access HR or finance applications, so they should not be able to do so. Furthermore, application identities should not be generic. Each employee should have their own ID to access applications, to ensure greater levels of security and control.

Policies, procedures and processes also need to be put into place to ensure security. Standard policies need to govern access and application rights and roles defined per user: if a user has a certain role, they need a certain level of access to certain applications. This policy should drill down to a specific and granular level per user. Procedures need to be repeatable and ensure that all security aspects are governed and not overlooked. Processes too must be streamlined and repeatable, and people need to be made aware of these processes to ensure they can be followed. This in turn aids in compliance as it simplifies auditing with documented, signed and repeatable policies, processes and procedures.

Deferring to specialists

Security, particularly when it comes to the cloud, is a complex task that, when considered at this level, is often too complex for many organisations to adequately assure using in-house skills. As a result, utilising a specialist cloud provider can be of enormous benefit in ensuring all of the elements of security are put into place and in reducing risk. Cloud service providers have greater access to resources, making it easier for them not only to ensure adequate security, but also to identify a breach and take proactive measures to prevent a breach happening.

Outsource providers have a stringent approach to security with regular audits and penetration testing, to ensure segregation of layers is in place. Furthermore, they are often at the forefront of security due to close relationships with vendors that underpin cloud computing, including hypervisor vendors.

Securing the cloud is a complex task that can have significant negative consequences if ineffectively addressed. From standard security such as firewalls, intrusion detection and prevention, anti-virus and encryption operating systems and applications, there are many aspects and layers to consider. In addition, passwords are vitally important, but are something that is very often overlooked. Partnering with a specialist cloud provider can assist organisations to ensure their cloud IT infrastructure and services are adequately secured, so that they can leverage the benefits without falling prey to the pitfalls of a security breach.

For more information contact T-Systems in South Africa, +27 (0)11 266 0266, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Make BIG and COMPLEX small and manageable
neaMetrics Suprema AI & Data Analytics Surveillance Integrated Solutions
Traditional CCTV and access systems often operate separately, creating gaps in visibility and efficiency. TRASSIR and Suprema have partnered to develop an integrated platform that improves security, operations, and situational awareness.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Hytera supports communication upgrade for Joburg
News & Events Infrastructure Government and Parastatal (Industry)
By equipping Johannesburg’s metro police and emergency services with multimode radios which integrate TETRA and LTE networks, Hytera is bridging coverage gaps and improving response times across the city.

Read more...
Combining TETRA or DMR with 5G broadband
Infrastructure IoT & Automation
As enterprises face rising complexity and connectivity demands, hybrid networks offer a transformative path, combining the proven reliability of TETRA or DMR with the innovation and coverage of 5G broadband.

Read more...
Questing for the quantum AI advantage
Infrastructure AI & Data Analytics
The clock is ticking down to the realisation of quantum AI and the sought-after ‘quantum advantage’. In many boardrooms, however, quantum remains mysterious; full of promise, but not fully understood.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
IoT-driven smart data to stay ahead
IoT & Automation Infrastructure AI & Data Analytics
In a world where uncertainty is constant, the real competitive edge lies in foresight. Businesses that turn real-time data into proactive strategies will not just survive, they will lead.

Read more...
Hydrogen is green but dangerous
Fire & Safety Infrastructure Power Management
Hydrogen infrastructure is developing quickly, but it comes with safety challenges. Hydrogen is flammable, and its small molecular size means it can leak easily. Additionally, fires caused by hydrogen are nearly invisible, making them difficult to detect and respond to.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.