
How Cloud Services Have Delivered on Security

<p>Cloud computing has experienced significant growth over the years, owing to the logistical and economic benefits that it offers to organizations. However, there have been major concerns about the security of data stored on both private and public cloud systems. Cloud providers offer services, such as cloud email hosting, that eliminate the need for organizations to host in-house IT infrastructure. This might sound beneficial, but some organizations feel that the absence of in-house servers and equipment denies them control, as well as the ability to protect their critical data.</p>
<h2>How Secure Are Cloud Services?</h2>
<p>An online integrated system that handles sensitive data, such as a cloud email service, must be protected from hackers and other threats.<br />
Cloud email service providers like Mimecast use four types of security controls, namely:</p>
<ul>
<li>Preventative Controls:</li>
</ul>
<p>These are security measures put in place to detect vulnerabilities in the cloud system. As such, the cloud service providers are able to address potential weaknesses that hackers might exploit to breach the system, and minimize the damage caused by any such breach.</p>
<ul>
<li>Deterrent Controls:</li>
</ul>
<p>These are warning mechanisms set up to alert the cloud provider to potential signs of security breaches in the system, including viruses and incidents of hacking. The warnings enable cloud providers to take immediate remedial action to prevent damage or loss of data.</p>
<ul>
<li>Detective Controls:</li>
</ul>
<p>These controls are set up to identify potential and existing attacks in the system. When the deterrent controls trigger a warning of potential threats, the detective controls come into action to check whether there has been an attack, and signal the preventative and corrective controls to take remedial action.</p>
<ul>
<li>Corrective Controls:</li>
</ul>
<p>These controls take appropriate measures to prevent access to sensitive information and to prevent data loss once an attack occurs. In addition, the corrective controls work together with preventative controls to stop attacks from bringing down the cloud system.</p>
<h2><span style="text-decoration: underline;">The Types of Cloud Security Systems</span></h2>
<ul>
<li>Role-based Security</li>
</ul>
<p>Role-based security refers to the model of assigning individuals different security levels, depending on their responsibilities within an organization. For instance, the security clearance for cloud email services allows employees to access only the information they need to execute their duties. The permissions are not assigned directly to individuals, but through their roles within the corporate structure.<br />
The role-based security model allows for effective data manipulation, management, routing and even modification within protected and segregated resources in a public or private cloud network. Cloud-enabled organizations are able to assign or reassign the roles of individual employees for various reasons, including logistical control, flexibility, or to enhance security. However, the cloud-defined roles remain constant, regardless of employee assignment or reassignment.</p>
<ul>
<li>Key Management</li>
</ul>
<p>This refers to a security model that uses an independent credentials system, which is separate from the file system, to protect sensitive information in the cloud. In this model, an isolated portion of the cloud application that is inaccessible from the Internet is used for storing authentication keys, user accounts, and sensitive data.<br />
Cloud-enabled organizations are allowed to specify the keys to be used in the authentication and encryption credentials. The key encryption takes place on an inaccessible server, outside the cloud. In the event of unauthorised access to the file system, the sensitive information remains secure. Some important factors to consider when implementing key management include:</p>
<ul>
<li><strong>Data Encryption:</strong> Most cloud providers use the Advanced Encryption Standard (AES) to protect keys from hackers. An AES-256-encrypted database is used for storing customer credentials (authentication and encryption).</li>
<li><strong>Key Storage:</strong> All keys should be stored outside the public cloud infrastructure, file system, or credentials management zone.</li>
<li><strong>Backup:</strong> Organizations should have a backup of all sensitive information, including the file system and encryption keys.</li>
</ul>
<p><strong>Written by:</strong> Nathan Morgan has been an IT professional for 14 years. His work is currently focused on Linux servers. In the past he has worked on secure data encryption and the development of a comprehensive data protection strategy, including off-site backups and rapid data recovery.</p>
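<p>The role-based model described in the article, as an added example that is not part of the original text or any provider's API: permissions are attached only to roles, users are mapped to role names, and reassigning a user changes their access without touching the role definitions. The role names, permission strings and user names are constructed for illustration.</p>

```python
from dataclasses import dataclass, field

# Role definitions (constructed names). These stay constant when staff are reassigned.
ROLES = {
    "mail_user":  frozenset({"mailbox:read_own", "mailbox:send"}),
    "helpdesk":   frozenset({"mailbox:read_own", "mailbox:send", "account:reset_password"}),
    "compliance": frozenset({"mailbox:read_own", "archive:search", "archive:export"}),
    "mail_admin": frozenset({"policy:edit", "account:create", "account:reset_password"}),
}


class AccessDenied(Exception):
    pass


@dataclass
class Directory:
    """Maps users to role names only; no permission is ever stored per user."""
    assignments: dict = field(default_factory=dict)

    def assign(self, user, roles):
        unknown = set(roles) - set(ROLES)
        if unknown:  # refuse roles the organization has not defined
            raise ValueError(f"undefined roles: {sorted(unknown)}")
        self.assignments[user] = frozenset(roles)  # replaces any earlier assignment

    def permissions(self, user):
        perms = set()
        for role in self.assignments.get(user, ()):  # unknown user -> empty set
            perms |= ROLES[role]
        return perms

    def check(self, user, permission):
        if permission not in self.permissions(user):  # deny by default
            raise AccessDenied(f"{user} lacks {permission}")
        return True

    def holders(self, permission):
        """Audit helper: every user whose roles grant the given permission."""
        return sorted(u for u in self.assignments if permission in self.permissions(u))


def demo():
    d = Directory()
    d.assign("alice", ["helpdesk"])
    d.assign("bob", ["mail_admin"])
    before = d.permissions("alice")
    d.assign("alice", ["compliance"])  # reassignment: old access is dropped
    after = d.permissions("alice")
    return before, after, d.holders("account:reset_password")
```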
