04 Nov

Security Issues in Cloud Computing

Cloud computing is a rapidly emerging technology. Clouds can be classified in the following ways.

Types of Cloud

As per Services Offered :

IaaS or Infrastructure as a Service : If the cloud offers the service of infrastructure like storage disks or virtual servers, it is called Infrastructure as a Service or IaaS. Examples include Rackspace, Flexiscale.

PaaS or Platform as a Service : If the cloud offers a development platform and it includes an Operating System and a programming language execution environment, database and web server, it is called Platform as a Service or PaaS. Examples include Google App Engine, Salesforce.

SaaS or Software as a Service : If the cloud offers access to software applications on a per-user basis, it is called Software as a Service or SaaS. Examples include GMail, Google Docs.

As per Deployment Models : 

On the other hand, as per deployment models there are mainly four types of clouds.

Private Cloud : Private clouds operate solely for a single organization. They can be managed internally or by a third party, hosted internally or externally.

Public Cloud : In a Public Cloud, services are rendered over a network that is open to the public.

Community Cloud : Community Cloud shares infrastructure among several organizations from a specific community with similar concerns like security, compliance, jurisdiction etc. They can be managed internally or by a third party, hosted internally or externally.

Hybrid Cloud : Hybrid cloud is a composition of two or more clouds, like private, public or community. It offers the benefits of multiple deployment models.

Security Concerns of Cloud

What are the security concerns that the cloud service providers and the clients need to take care of ?

If we look closely, we can see quite a number of security concerns, which we need to take care of while implementing or using the service of clouds.

Let’s discuss a few of them.

  1. The first security issue that we can think of is data breaches. In a multi-tenant cloud service, if the cloud service database is not designed properly, a single flaw in a single client’s application can give an attacker access to the data of one or multiple clients. Encrypting data can be a solution, but if you lose the encryption key, you lose the data. Again, keeping offline backups of data increases the possibility of data breaches.
  2. Secondly, we can think of the issue of data loss that the cloud service providers need to take care of. Data must be protected from disasters like fire, flood or earthquake.
  3. The next issue we can think of is account hijacking. If an attacker somehow hacks the account of the cloud service provider, he can eavesdrop on all the transactions, manipulate data, redirect the clients to illegitimate sites and prepare for more attacks.
  4. Fourthly, there is the threat of insecure interfaces and APIs. Cloud service providers provide APIs and interfaces for usage, management, orchestration and monitoring of cloud services. Weak interfaces and APIs can expose the service to issues related to data confidentiality, integrity, availability and accountability.
  5. The next threat is a Denial of Service attack. Cloud service providers bill their clients based on computing cycles and disk space consumed. Even if an attacker is not able to stop the services completely, he may consume so many processing cycles that the services are affected to a significant extent.
  6. The cloud service providers also have to keep safe from malicious insiders. They have to properly monitor all their employees, contractors and business partners who access the cloud, network, services and data. A malicious insider or irresponsible access to data can lead to serious threats.
  7. The seventh issue is the abuse of clouds. A malicious user should not be able to use the processing power of clouds for the purpose of breaking encryption keys or hacking a system. A cloud service provider needs to take care of the abuse of their clouds.
  8. Cloud service providers provide resources like CPUs, GPUs and caches to multiple clients. A cloud must be designed to offer strong isolation properties. If an integral component gets compromised, it exposes the entire environment to potential compromise and breach.
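The multi-tenant design flaw from item 1, shown beside a tenant-scoped alternative. This is an added example, not code from the original post; the schema, the function and class names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def build_db():
    """Constructed sample data: two tenants share one table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices ("
               "id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, body TEXT NOT NULL)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)", [
        (1, "acme", "acme: 10 servers"),
        (2, "globex", "globex: 3 databases"),
    ])
    return db

def get_invoice_unscoped(db, invoice_id):
    """Poor design: rows are looked up by id alone, so a bug in one tenant's
    application that lets a caller choose the id exposes every tenant's rows."""
    row = db.execute("SELECT body FROM invoices WHERE id = ?",
                     (invoice_id,)).fetchone()
    return row[0] if row else None

class TenantScopedStore:
    """Data-access layer bound to the tenant of the authenticated session.
    The tenant is fixed at construction and never taken from request input."""

    def __init__(self, db, session_tenant):
        self._db = db
        self._tenant = session_tenant

    def get_invoice(self, invoice_id):
        row = self._db.execute(
            "SELECT body FROM invoices WHERE id = ? AND tenant_id = ?",
            (invoice_id, self._tenant)).fetchone()
        return row[0] if row else None

    def list_invoice_ids(self):
        rows = self._db.execute(
            "SELECT id FROM invoices WHERE tenant_id = ? ORDER BY id",
            (self._tenant,)).fetchall()
        return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    acme = TenantScopedStore(db, "acme")
    print("unscoped lookup of id 2:", get_invoice_unscoped(db, 2))
    print("scoped lookup of id 2 as acme:", acme.get_invoice(2))
    print("acme can list:", acme.list_invoice_ids())
```

With the scoped store, a flaw in one tenant's application code can at worst reach that tenant's own rows, because the tenant filter is applied in a layer the request cannot influence.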

So, if you are a cloud service provider or a user, it is better to keep these concerns in mind and design your cloud usage accordingly.

04 Nov

All You Want to Know About Managed Cloud Services

Some people like to do everything themselves. To manage their money, they open an online brokerage account and spend a lot of time researching investments and portfolio theory. To maintain their cars, they change their own fluids and filters and tires, and devote many hours to reading manuals and ordering parts. But investment vehicles and motor vehicles alike get increasingly complex. At some point, most busy, successful people — and busy, successful businesses — find it wise to focus on what they do best and let specialists do the rest. That’s a big part of the appeal of what we at Aristi Labs call managed cloud.

What is managed cloud? It starts with the simple truth that every cloud has to be managed by someone. Like your retirement savings or your car, it doesn’t manage or maintain itself. So every business faces two main options:

1. It can do everything itself. It can hire and train experts to perform all the complex tasks required to manage cloud infrastructure and tools and application stacks. Or it can manage and mediate among multiple providers: say, one for multi-tenant cloud infrastructure and a second for single-tenant servers or VMware in a colocation facility, and a third for support.

or

2. It can employ a trusted partner to manage all or most of its cloud.

 

Option 2 is managed cloud. It’s a service that allows businesses to tap the power of cloud computing without the pain of becoming an expert in everything. Companies that use managed cloud can focus on their core business — on building great applications and other new products, and landing new customers. They can stay fast and lean, rather than having to swell their payroll with large teams of ops engineers and system administrators and other experts to manage IT that doesn’t differentiate their company.

A managed cloud provider like Aristi Labs offers its customers big economies of expertise. The provider’s engineers manage not only the customers’ computing, storage, networks, and operating systems, but also the complex tools and application stacks that run on top of that infrastructure. These include the latest databases and ecommerce platforms, as well as DevOps automation tools. Managed cloud allows each customer to choose which IT functions it wishes to manage in-house, while leaving all the rest to its service provider.

Managed cloud services include, at the infrastructure level:

  • Architecture guidance
  • System administration and operations (Ops)
  • System monitoring, alerting, and reporting
  • Performance testing and tuning
  • Proactive communications and 24×7 support
  • A single point of contact for support
  • DNS management
  • Security and compliance management
  • Backup and disaster recovery
  • Database administration
  • Developer support and training

At the application and tools level, managed cloud services include:

  • DevOps automation tools: Chef, Puppet, Salt, Ansible, LogStash, etc.
  • Application deployment, scaling and lifecycle management
  • Specialized database management: MySQL, MongoDB, Redis, Hadoop, etc.
  • Managed virtualization on VMware vCloud
  • Management of Microsoft apps: SharePoint, Exchange email, Lync, etc.
  • OpenStack Private Cloud deployment and management
  • Digital marketing platform management: Magento, Oracle ATG, Hybris, Drupal, WordPress, etc.

One good way to frame managed cloud is to describe the major alternatives to it:

1. Unmanaged Cloud. Here, the customer rents access to infrastructure, often from a big provider like Amazon, Google, or Microsoft, and takes on all the burden of managing that infrastructure, as well as all the tools and apps that run on top of it. Customers who choose this option often get lower infrastructure prices than they would get from a managed cloud provider, along with higher total costs for hiring more engineers, supervising those engineers, and overprovisioning to avoid contention for resources on multi-tenant infrastructure.

2. Multiple Providers. Some customers rent cheap infrastructure from one or more providers and then hire one or more providers to support that infrastructure. This option can deliver savings on infrastructure unit costs, but those are usually offset by higher support costs. Multi-provider arrangements often prove difficult for the customer to manage, with fragmented systems, no clear accountability for results and no single “throat to choke.”

3. Outsourcing. The largest enterprises sometimes outsource all or most of their IT operations to a big systems integrator like IBM, HP, or CSC. These arrangements allow the customer to focus on its core business, but are very expensive. Big outsourcers also tend to move slowly. It can take weeks to change part of the customer’s configuration. More enterprises, and the developers who are pushing innovation within those companies, are finding that they can move more quickly and cost-efficiently by shifting new applications away from their outsourcers and toward nimbler, less expensive managed cloud providers.

Aristi Labs is the leading managed cloud specialist. We find that the managed cloud approach is appealing to more and more companies, large and small, that want to focus on their core business. As a wise person once said, focus isn’t about what you do; it’s about what you don’t do.

04 Nov

Why Small Businesses & Startups Need Cyber Security ?

According to The National Cyber Security Alliance, one out of five small businesses is affected by cybercrime each year. Worse, 60% of those hit go out of business within six months after the attack. In most cases, the potential consequences of a cyber-crime are immense and can paralyze a small business.

In the past, big corporations like JPMorgan, Sony, and Target have experienced serious data breaches resulting from cyber-crimes, while small organizations have attracted less attention. This does not mean that small businesses are not victimized. Here are the reasons why they need to start taking cyber security seriously:

1: Cyber Threats Are Real

According to a Verizon Data Breach Investigations Report, 60 percent of cyber-attacks target small and medium-sized businesses (SMBs). One mistake often made by these small businesses is to assume that they cannot be targeted, thereby making them easy targets. Hackers are aware that these small enterprises lack the resources, experience, or policies to fight them.

In another cyber security survey of 1,000 small business owners, 85 percent admitted that they believed large enterprises were more targeted than they were. This finding explains why small enterprises continue to pay little attention to Cyber Security. In reality, however, cyber criminals do not discriminate and have no priority targets. They attack any weak security system, whether it is a small business or a large one.

In late 2013, a Target breach exposed over 40 million consumers’ debit and credit card information as well as other personal records. The breach cost Target around $105 million and was a testimony to the harm that cyber threats can cause to a business.

2: Small Businesses Have Information Hackers Want

While small businesses do not have as many risks as larger businesses, the Council of Better Business Bureaus reveals that 7.4 percent of small business owners have been victims of fraud.

Small businesses hold customer and employee information, making them prime targets. The types of information that these hackers target range from online banking credentials to social security numbers.

Since these criminals are motivated by cash, business banking information needs to be safeguarded as much as possible. A business should take all the necessary precautionary measures before settling on a business bank account.

3: Cyber Criminals Are at Work Every Second

According to Trend Micro’s research findings, 3.5 new threats occur every second. The security software company further adds that these attacks are motivated by money. The findings highlight the increasing need to be vigilant about cyber security.

Trend Micro cites two factors behind this alarming increase:

  1. Small businesses are plentiful and present a huge market for exploitation
  2. Larger enterprises have enhanced their security systems and have pushed hackers to look for smaller targets

Smaller businesses need to enforce their internal security rules. They need to be on the lookout for suspicious internet activity and prepare an emergency plan in case of an attack.

4: Noncompliance Is Costly

The cost of compliance stands at $3.5 million for multinational organizations, though that amount is smaller than the cost of noncompliance. Just like larger organizations, small businesses also deal with people, technologies, and processes, all of which can be a target of cyber crime. Therefore, it is misleading for small businesses to think they do not need to comply with data protection regulations.

5: Small Businesses (and Hackers) Are Moving to the Cloud

The overall cloud market for small to medium-sized businesses (SMBs) is today valued at $16.8 billion and is expected to approach $100 billion by 2020. In addition, more SMBs (74 percent) were planning to increase their expenditure on cloud-based software in 2016.

With all these developments, it is only right for small businesses to spend enough on cloud security. According to a 2010 Forrester report, only about 36 percent of SMBs plan to increase their spending on network security out of 84 percent who considered it a high priority.

In a Nutshell

The number of threats that cybercriminals unleash continues to increase exponentially, and small businesses run a risk of losing data, sales, productivity, and even money. Since any organization can be a prime target, it is vital to take all the necessary steps to safeguard business information, technologies, and processes.