Ever more companies are proving that cloud computing continues to be a major trend in the IT field. For instance, IDC recently predicted that spending on public cloud services would reach $160 billion by the end of this year.
When it comes to security, however, the same issues and concerns persist today as several years ago. Take any research report that asks about organisations’ concerns with cloud migration, and security is usually number one. What if I get hacked? Where does my data go? In some ways, it is becoming even more of a problem today. A recent research report argued that as companies go further into their cloud ambitions, their security becomes particularly problematic because their infrastructures become more complex.
So what do you need to know?
Advantages of cloud security and how to secure virtual machines
It is important to note that the cloud has multiple advantages in terms of hardware optimisation, including scalability, availability, high efficiency, and dedicated management. Scalability allows you to expand your resources dynamically to meet requirements at any given time; availability means the user does not have to worry about the performance of their own equipment, as their device displays the result of server-based data processing; high efficiency means data is not processed by a single device but by a computing cluster; and dedicated management means there is no need to use different sub-systems or additional functionalities.
In general, the client’s task is to select the range of cloud-based services required, and the supplier’s task is to provide a reliable solution with access to data.
Due to changes resulting from the amendment of data protection regulations, it is worth bearing in mind that cloud computing platforms should be secured. The cloud computing concept is very close to virtualisation – and thanks to the use of virtualisation on physical servers, there can be many virtual machines. This allows equipment performance to be maximised. The cloud computing layer connects users with physical servers, meaning virtual machines can be moved freely on the entire platform regardless of where the device is actually located.
Crucially, this means that the cloud computing environment allows a user to access their data via the Internet from anywhere in the world.
The virtual machines on which data is stored should be protected against attacks by cybercriminals. The most important tools for securing virtual machines include:
Firewall: The main task of the firewall is to monitor network traffic and to pass and block data packets in accordance with pre-defined security policies. By using firewalls, virtual machines will be separated on the network layer.
IPS: As a virtual machine emulates a physical device, it is just as vulnerable to hackers who exploit system errors and bugs. The intrusion prevention solution (IPS) can block attempts to break into the system.
Tools for verifying data integrity: Virtual machines are often stopped by an administrator to allow configuration changes, and backups are made so that new solutions can be tested. It is quite common that the data between the original machine and the one being tested are different, so it is important to compare the two in order to avoid file integrity errors.
Antivirus protection: A virtual machine, just like a physical one, can be infected by a virus. What’s more, the virtual machine can be infected when it is offline. A good antivirus system should be characterised by a fast and silent online scanner and a virus database that is updated at least daily. The system should also integrate well with the add-ons that support the virtual machine, and detect newly created VMs.
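The comparison described under "Tools for verifying data integrity", as an added example that is not from the original article or from Comarch: it hashes every file in two directory trees and reports what was removed, added or changed. The function names and the sample trees are constructed here; the assumption is that in practice the two roots would be the mounted file systems of the original virtual machine and of the copy being tested.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def compare_manifests(original, tested):
    """Return paths that were removed, added or changed between two manifests."""
    shared = original.keys() & tested.keys()
    return {
        "removed": sorted(original.keys() - tested.keys()),
        "added": sorted(tested.keys() - original.keys()),
        "changed": sorted(p for p in shared if original[p] != tested[p]),
    }


def demo():
    """Constructed sample: two small trees standing in for mounted VM file systems."""
    with tempfile.TemporaryDirectory() as tmp:
        orig, test = Path(tmp, "original"), Path(tmp, "tested")
        for tree in (orig, test):
            (tree / "etc").mkdir(parents=True)
            (tree / "etc" / "app.conf").write_text("listen=443\n")
            (tree / "data.db").write_bytes(b"\x00" * 4096)
        (test / "etc" / "app.conf").write_text("listen=8443\n")  # changed in test copy
        (test / "etc" / "new.conf").write_text("debug=1\n")      # only in test copy
        (test / "data.db").unlink()                               # missing from test copy
        return compare_manifests(build_manifest(orig), build_manifest(test))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Storing the manifest of the original machine before testing begins lets the same comparison be repeated later without keeping both copies mounted.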
Conclusion
These examples are the foundations of protection for a virtual environment located on a cloud platform. It is also worth remembering the principle of rational use of the resource and employing cloud platform providers’ best practices. If in-house knowledge is lacking, there are organisations that can help. In this respect, Comarch ICT Department has a cloud-based platform development team, and engineers who specialise in the whole spectrum of security for IT solutions.
Dariusz Wójcik – ICT Solutions Product Manager in Comarch, https://www.comarch.com/trade-and-services/ict/