Why is Cyber Security so Complex in Cloud Technology?
To help illustrate the magnitude of security risks that the Cloud entails, we will first metaphorically compare computers to municipalities where management and social services - including police - represent IT personnel while the disruptive elements of crime represent malicious computer use.
An offline personal computer is akin to a small island colony where the threats to public safety are primarily internal. The number of new threats to deal with is limited, since a deliberate action (vessel) is needed to bring them into the system (island). So resource management, access control, and regulatory compliance are the primary tasks of the municipality's managers.
The Risks of Moving Online
If you take that island and connect it to the world, its productivity cap grows higher - but a higher level of threat awareness is also needed. Traffic into and out of the island needs to be monitored, resource use needs to be checked to avoid nefarious acts like clandestine coin mining in the business district, and there's always a chance that a local is tagged and monitored while out and about. Compromised security can be devastating financially, but the effects are generally limited to the inhabitants of that island.
The next level of metaphorical growth is where you'll find the servers of companies who are tech-savvy but are providing more limited services than a Cloud provider. These digital metropolises have robust capabilities spread across multiple suburbs the size of the smaller islands. This has all the security issues of the previous growth level, but the open invitation and greater productivity create an attractive target for criminals who have moved beyond the low-hanging fruit of connected islands.
Now, the management team needs to make sure these boroughs work together while allowing a steady flow of traffic in and out that neither gets congested nor causes a security threat. If it does happen, the business and privacy of everyone working with that city are put at risk.
Cloud Metropolis: Working with the Cloud
Now, we've arrived at the modern Cloud "metropolis". Like the metropolises designed to lure in traffic from smaller towns, the Cloud is designed to draw in traffic from both the same towns and the metropolises themselves. Expansive manufacturing and commercial districts are created and rented out, but even the Cloud's managers may have difficulty determining what exactly a renter is doing with their space.
Conversely, the other towns using that space have limited--or no--say over the management of the systems that they are now dependent on to function. This requires a high level of trust between the renters and owners, even more than monitoring traffic between smaller municipalities. The management team needs to control all of the existing technologies that built up the smaller cities, but now they have been expanded and may affect a massive number of users.
Digging Deeper into the Security Risks of the Cloud
The acceleration in security complexity for Cloud computing should be illustrated for those just getting into IT, but it lacks the meat of a real explanation. A Cloud computing service uses a massive amount of computing capability and a wide range of existing IT technologies to offer infrastructure, software, or a platform for other users to utilize.
They do so with powerful server computers that have been digitally compartmentalized through a process called virtualization. Users are allowed a degree of control within that virtualized environment, but they cede control over all of the nuts-and-bolts of the hardware and software behind that virtualization to the Cloud provider.
Shifting the responsibility may be more secure for individuals and smaller companies with no dedicated IT departments, but it represents a critical security risk for any company who operates a large network (Modi et al 3). If a company is working with health data, transferring their workload to a Cloud environment requires special consideration of the Health Information Portability and Accountability Act (HIPAA) and their rulings on Cloud security.
Sometimes, even the advancements in hardware technology that permit the Cloud to exist create vulnerabilities, such as the Rowhammer exploit that can bypass memory access control by inducing charge between the close pathways of a memory stick. Ultimately, as the Cloud grows and encompasses more capabilities, it also takes in all of the vulnerabilities that those underlying systems had, and creates a complex web of security threats up and down the OSI layers.
Getting Ready to Secure the Cloud
Are you interested in cloud computing? If you want to secure the cloud against intruders, earning a Bachelor of Science Degree in Computer and Information Science with a Major in Cyber and Network Security - Cloud Computing Track, could help get you there. ECPI University offers this degree program at an accelerated pace. For more information, connect with a friendly admissions advisor today.
It could be the Best Decision You Ever Make!
DISCLAIMER – ECPI University makes no claim, warranty, or guarantee as to actual employability or earning potential to current, past or future students or graduates of any educational program we offer. The ECPI University website is published for informational purposes only. Every effort is made to ensure the accuracy of information contained on the ECPI.edu domain; however, no warranty of accuracy is made. No contractual rights, either expressed or implied, are created by its content.
For more information about ECPI University or any of our programs click here: http://www.ecpi.edu/ or http://ow.ly/Ca1ya.