Showing posts with label cloud software. Show all posts
Showing posts with label cloud software. Show all posts

Tuesday, 4 March 2014

Should Businesses Really Worry About Cloud Security

Posted By: Security Geeks on 09:10


Several companies are jumping onto the bandwagon of cloud computing with a dream of saving costs and making IT infrastructure scalable and flexible. Yes, cloud computing can offer several benefits but at the same time, it comes with inherent risks and challenges that companies need to understand before implementing.

Challenges

Cloud computing, being a shared resource, faces several security challenges. Let’s look at them.

  • Data location: Under the traditional IT infrastructure, it was relatively easy to know and maintain the location of data. With cloud computing, data could be residing physically anywhere. If the exact location of the data is not agreed upon under service level agreement (SLA) with cloud service providers (CSP), it becomes difficult to know where it’s stored, specifically when CSP is outsourcing capabilities to third parties.
  • Data breaches: When it comes to cloud security, there are several factors that can lead to data breach. If CSP doesn’t implement adequate physical, logical and personnel control, anybody can access the data. Another way of breaching data is through the usage of virtual machines to extract private cryptographic keys used by other virtual machines on the same server.
  • Data loss: Data can be lost due to several reasons — natural disasters such as fire, flood or earthquake; a malicious hacker could delete the data out of spite; or encryption key could be lost when the entire set of data is encrypted. Recovering the lost data is a tedious task but it becomes impossible when the lost data is untraceable. Businesses may even get into trouble with regulatory bodies when the data they were supposed to store for years is lost without a trace.
  • Account or service traffic hijacking: Breaching data becomes easy for an attacker if he/she gains access to account credentials. He or she can not only eavesdrop on companies’ activities and transactions but can also manipulate data and redirect the companies’ clients to illegitimate sites.
  • Insecure interfaces and APIs: Interfaces are important for cloud provisioning, management, orchestration and monitoring; while APIs are integral to security and availability of general cloud services. If these elements are weak and insecure, the risk factor for organizations increases tremendously.
  • Denial of service (DoS): When companies are dependent on the availability of IT infrastructure 24/7, DoS is a huge problem. And this problem becomes an expensive one when organizations are billed by CSPs based on computer cycles and disk space consumed as DoS consume huge amount of processing time.
  • Malicious insiders: A malicious insider could be anyone, from current or former employee to a contractor or a business partner who gains access to network, system or data for nefarious reasons. This type of risk is particularly great when CSPs are solely responsible for security.
  • Cloud abuse: Many times hackers use cloud to break an encryption key that’s too difficult to crack on a standard computer, launch DDoS attack, propagate malware and share pirated software.
  • Insufficient due diligence: Unfortunately companies using cloud do not fully understand the contractual issues concerning liability and transparency. Also, if the company’s development team isn’t fully familiar with cloud technology, it can create operational and architectural issues.
  • Vulnerabilities arising out of shared technology: CSPs share infrastructure, platforms and applications to offer scalable services. Consequently, any issue in the underlying components that make up the infrastructure can make all the organizations on the server vulnerable.

Solutions

 There are several steps that CSP and companies can take to combat the threats stemming from cloud computing.

  • Robust security: Traditional approach toward IT infrastructure is no longer adequate. CSPs need to implement layered model to ensure the privacy and appropriate access of data in shared, multitenant cloud. This task will specifically include: content protection at different layers in the cloud infrastructure, such as at the storage, hypervisor, virtual machine and database layers; and mechanisms to provide confidentiality and access control, including encryption, obfuscation and key management.
  • Trust and assurance: Companies need to have confidence and trust in the cloud environment, including in physical data centers, hardware, software and resources employed by CSPs. On the other hand, CSPs need to establish an evidence-based trust architecture and control the cloud environment through adequate monitoring and reporting capabilities. CSPs should also be able to offer audit trails to help customers meet internal and external demands for provable security.
  • Isolation: CSPs can ensure isolation for companies’ data even within a multitenant environment by implementing multiple virtual data centers, each with its own virtual LAN. To up the security measures, each of the virtual data centers can be configured into one or more trust clusters, separated by demilitarized zones and virtual firewalls.
  • Confidentiality: To maintain the confidentiality of companies, CSPs can offer encryption and/or obfuscation. However, obfuscation in the cloud will require the use of new architecture and approaches to enable access to the original non-obfuscated data with maximum security controls.
  • Access control: Identity management and provisioning platforms should be utilized to ensure that only authorized users can access relevant applications and data. These measures should be supported by compliance and audit, and log management to let the companies track the movements in their clouds.
  • Control over credentials: Companies should prohibit their employees from sharing account credentials with other parties. They can also implement two-factor authentication techniques wherever possible.
  • Monitoring and governance: CSPs should offer resources that allow companies to monitor the security and compliance of their data. Also, the resources should allow the companies to take appropriate actions whenever necessary on the basis of the security information received from CSPs.
  • Cloud certified professionals: One of the smart moves that companies and CSPs can make is to hire professionals with cloud computing certification. As these employees are highly trained in the fields of cloud computing technology, architecture, security, governance and capacity, the threats to cloud security are minimized.
  • Precise SLA: Companies and CSPs should have clearly defined SLAs as they serve as blueprint as well as warranty for cloud computing. An ideal SLA should codify the specific parameters and minimum levels required for each element of the service; remedies in case of failures while meeting the requirements; recognition of the ownership of data stored on the cloud; details of the system infrastructure and security standards to be maintained by both the parties; and the cost to continue and discontinue the service.

About the Author:
Krishna Kumar, an engineer by education, has experience of serving the IT industry for 13 years. Currently he is the CEO of Simplilearn Solutions and displaying his expertise in e-commerce, through innovative online learning portal, which was started with the aim to help professionals round the world in achieving their world recognized professional certification. He wants to share a little about cloud computing certification training.
Read More


Monday, 10 February 2014

How Cloud Software Helps Event Professionals Better Manage Events

Posted By: Security Geeks on 18:10


Making use of event management software will simplify your work event management tasks by automating mundane activities. It will provide tools to manage simple events, multiple events, exhibitions, festivals etc. You can use it to easily connect with employees, participants, sponsors etc. However you can get the best benefits of this software by implementing it in a cloud instead of your physical PC systems. Here is a look at the top ten benefits of using cloud-based event software:

1. Access from Anywhere - Since the software operates from a cloud it can be accessed from anywhere thus eliminating the restriction of accessing it only from the system where it is stored. It is also be accessed by authorized employees from remote locations to report updates, input schedule etc.

2. Cost Effective – Cloud-based event software helps to avoid maintenance costs which can arise when it is stored in a system. This brings down electricity bills as you do not have to implement it in many PC systems, which also brings down cost of license purchase etc.

3. Faster Marketing – An online event page can be created and optimized with appropriate keywords so that it is easily picked up during search engine results. By posting information about the event in popular social media sites and other key internet resources with a link to your site, event marketing is completed faster. As a result information about the event is available for all those seeking it and it spreads quickly resulting in ticket sales.

4. Online Registration And Payment – Going online with registration and ticket payment enables the work to be carried out faster, thus saving time and money spent in printing tickets. Those who cannot go to your office to buy tickets can buy them online from their location through the event ticketing software which motivates purchase and brings about more sales.

5. Good Scalability – Cloud-based event software is scalable so as your work load expands you can increase work groups, projects, allot more system resources to the software and much more, without worrying about technical issues.

6. High Reliability – When event management software is stored in a cloud it is not affected by system crashes and natural disasters etc. Expenses incurred as a result of such losses is eliminated. Work can be continued in the face of system malfunctioning and other similar problems from anywhere.

7. Manage Repeat Events Easily – Cloud-based event software will store all data related to past events in the cloud. If you have to do a new event project that is similar to a previous event, just retrieve its details quickly from the cloud to use ideas, event framework, sponsor details, etc. for the new project. Doing the groundwork for the new project becomes faster.

8. Avoid Duplication – When you have event management software stored in different systems, there is duplication of data, which results in unnecessary utilization of important system resources. When the software is implemented in a cloud this can be eliminated, thus avoiding such system utilization and its associated expenses.

9. Access from Mobile Devices – The software can be accessed by employees while they are ‘on the go’ through Smartphones, tablets or Laptops. They can quickly communicate vital information, share updates and retrieve nay details they want for their marketing activities etc.

10. Higher Efficiency – Cloud-based event software brings about higher productivity, removes duplication, and reduces costs that result in better efficiency. This will bring your organization in the forefront for event management and fetch bigger projects.

By making use of cloud-based event software your event management is speed-ed up and you enjoy greater efficiency, which results in higher sales and helps you gain an edge over the competition.

Author Bio:-
Monik Makadiya works with iVvy, an innovative cloud software provider. Ivvy offers a suite of event management software solutions and has helped event managers worldwide to streamlines process, improve efficiency, boost participation in events. To know more, connect with Monik on Twitter at @painstakingMM.
Read More


Subscribe to: Posts (Atom)