1. Privileged user access
2. Regulatory compliance
3. Data location
4. Data segregation
5. Recovery
6. Investigative support
7. Long-term viability
There are different levels of risk for different type of cloud. Public cloud is front runner in risk among all other types of cloud.
In top of these risks still companies are thinking about cloud implementation in their organization. Companies are saying, risk is everywhere and you should mitigate these risks or overcome these risks.
Cloud is on demand service by provider to consumer, so there should be good understanding of cloud security between provider and consumer like good service level agreement and contract requirement between provider and consumer.
Here are few points to mitigate risks on cloud.
1. Secure logon – In cloud make sure every user has unique user id with proper authorization on cloud. It should be managed properly and it should access directory structure to provide access control.
2. Encrypted data – When you are accessing data on cloud particularly SAAS on public cloud, data should be properly encrypted and it should follow government privacy law (GLBA, DPPA, FCRA, HIPAA, etc.).
3. Secure Data backup – Data backup is one of the key areas where provider and subscriber should focus about security. There should be clear understanding between provider and subscriber in SLA (Service Level Agreement) about data backup security. There should be secure tool to data transfer, backup data and restore data in cloud.
4. Virtualization Security – Virtualization is back bone of cloud computing. There are multiple risks associated with hardware or software virtualization like VM (Virtual machine) isolation, hypervisor or multi-tenancy. To mitigate risk there should be strong and clear isolation level among different VM. There should be good administrative access and control of VM and also good reporting and logging tool for different VM and administration.
5. Application Security — There are big challenges of application security in different layers of cloud as SAAS, PAAS or IAAS. Application vulnerability is available in almost all level and layer of cloud. To mitigate application vulnerability in cloud we should focus on some of security point as given below.
b) Audit and review the application security on cloud in each level of SDLC (Software
Development Life Cycle).
c) There should be clear security SLA (Service Level Agreement) of application between
cloud provider and consumer for each layer of clouds (SAAS, PAAS, and IAAS).
d) Encrypted Application data should transit over network.
Rajnish Kumar is CTO of Vanrish Technology with Over 25 years experience in different industries and technology. He is very passionate about innovation and latest technology like APIs, IOT (Internet Of Things), Artificial Intelligence (AI) ecosystem and Cybersecurity. He present his idea in different platforms and help customer to their digital transformation journey.