Cloudy and a chance of threats

Share this article:
Anthony James
Anthony James

The term “cloud computing” puts both giddiness and fear in the hearts of IT managers around the world. Adopting cloud-based services gives organizations many benefits, but it also opens them up to many risks and vulnerabilities.

Securing the cloud will be one of the biggest challenges for network managers as more companies adopt services, such as storage for rent, software as a service, virtual IT and application hosting. The concept of protecting data-at-rest versus data-in-motion comes into play, forcing organizations to examine various security mechanisms to secure their data while it's stored or circulated in the cloud and when it's brought back to the network proper.

These challenges include application control, encryption, SSL inspection, data leakage protection and anti-virus. Data while at rest in the cloud may be protected in a lock-and-key manner to prevent unauthorized access, but infected data is not necessarily cleansed in the cloud.

To guard against any data loss of confidential projects for data stored in the cloud, IT administrators must ensure the vendor has an access control security policy and that data cannot be leaked. As well, regulatory compliance considerations need to be evaluated as part of the cloud-vendor selection criteria.

When it comes to data in transit, administrators should ensure the network security solution can inspect application content for malware, determine whether or not it is encrypted, and make certain it can look for threats as data enters and leaves the network.  

When it comes to data in use, ensure the vendor provides adequate protection so that data is clean of malware and that co-located content is not infected if malware is present.

It's also vital to ensure that appropriate client security controls are in place so that data downloaded from cloud-based services is not infected and carried into the network or back into the cloud.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in Opinions

Me and my job: Chris Sullivan, vice president of advanced solutions, Courion

Me and my job: Chris Sullivan, vice president ...

This month we get to know Chris Sullivan, vice president of advanced solutions at Courion.

Threat of the month: SVPENG

Threat of the month: SVPENG

We take a closer look at SVPENG, malware that's capable of launching two different types of attacks.

Security assessment stability

Security assessment stability

We should be asking if it is worth the cost of constantly switching security assessment companies, says Ken Stasiak CEO, SecureState.