Put simply, all kinds of security measures are cheaper when implemented on a larger scale. Therefore the same amount of investment in security buys better protection. This includes all kinds of defensive measures such as filtering, patch management, hardening of virtual machine instances and hypervisors, human resources and their management and vetting, hardware and software redundancy, strong authentication, efficient role-based access control and federated identity management solutions by default, which also improves the network effects of collaboration among various partners involved in defense. Other security benefits of scale in cloud computing include:
Most cloud providers have the economic resources to replicate content in multiple locations by default. This increases redundancy and independence from failure and provides a level of disaster recovery out-of-the-box.
Storage, processing and delivery closer to the network edge mean that service reliability and quality are increased overall and local network problems are less likely to have global side-effects.
Improved timeliness of response to incidents
Well-run larger-scale systems can develop more effective and efficient incident response capabilities, for example due to early detection of new malware deployments.
Cloud providers can also afford to hire specialists in dealing with specific security threats, while smaller companies can only afford a small number of generalists.
Security as a market differentiator
Security is a priority concern for many cloud customers: customers will make buying choices on the basis of the reputation for confidentiality, integrity and resilience, and the security services offered by a provider, more so than in traditional environments. This is currently still a strong incentive for cloud providers to improve their security practices and compete on security.
Top security risks
Loss of governance
In using cloud infrastructures, the client necessarily cedes control to the Cloud Provider (CP) on a number of issues that may affect security. At the same time, SLAs may not offer a commitment to provide such services on the part of the cloud provider, thus leaving a gap in security defenses.
There is still little on offer in the way of tools, procedures, standard data formats or service interfaces that could guarantee data, application and service portability. This can make it difficult for the customer to migrate from one provider to another or to migrate data and services back to an in-house IT environment. This introduces a dependency on a particular CP for service provision, especially if data portability, as the most fundamental aspect, is not enabled.
Multi-tenancy and shared resources are defining characteristics of cloud computing. This risk category covers the failure of mechanisms separating storage, memory, routing and reputation between different tenants (e.g., so-called guest-hopping attacks). However, it should be considered that attacks on resource isolation mechanisms (e.g., against hypervisors) are still less numerous and much more difficult for an attacker to put in practice compared to attacks on traditional OSs.
Management interface compromise
Customer management interfaces of a public cloud provider are accessible through the Internet and mediate access to larger sets of resources than those of traditional hosting providers. They therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities.
While malicious insider activity is usually less likely, the damage it may cause is often far greater. Cloud architectures necessitate certain roles which are extremely high-risk. Examples include CP system administrators and managed security service providers.