CLOUD COMPUTING AND VIRTUALIZATION SECURITY
Cloud Computing and Virtualization Technology Security
i) Defining cloud computing
ii) Defining virtualization computing technology
D. Cloud and virtual technology security management strategies
E. Major security threats and solutions in cloud computing and virtualization technology
F. Major virtualization computing technology risks and the best solutions
Cloud computing is a computer networking model in which applications or programs function on either a single or multiple interconnected servers instead of a tangible device such as a smartphone, PC, or tablet. Data stored in the cloud can only be accessed through the internet. The technology is relatively new and sensitive since the information is not stored on a physical hard drive. In the past, an individual could only store data on a physical computer’s hard drive, thereby making it easily accessible to the few people with direct access to the computer or local network. In both the traditional client-server model and the contemporary cloud-computing model, a user must connect to a server in order to conduct a task. However, cloud computing is quite different from the client-server model since it can operate on several servers simultaneously using the concept of virtualization (Samson, 2013). Virtualization makes it possible to configure and subdivide either one or several physical servers into numerous autonomous “virtual” servers. The virtual servers can run at the same time since they appear like a single physical unit to the user. In short, the virtual servers are detached from the physical servers. This enhances versatility, as the users can transfer the servers to a different location at any time, as well as scale them upwards or downwards without inconveniencing the end user. However, some people are worried that using cloud technology to store or transfer sensitive information risks exposing it to unauthorized parties. This research hypothesizes that cloud computing and virtualization are secure technologies from interception by unauthorized parties (Krutz & Vines, 2010).
Many entrepreneurs believe that cloud technology will be the future of competing, as it offers a variety of attractive advantages. For example, the technology guarantees customers more affordable, easier to maintain, and quicker servers. In addition to businesses, several internet users have also been using cloud services such as Dropbox and Google Docs. Fortunately, computer technology developers have invested heavily in mechanisms and processes aimed at protecting against computer attacks, such as constructing safe operating systems, installing hardware applications designed for blocking unauthorized access to the servers, and using security-conscious design methods (Krutz & Vines, 2010).
CLOUD AND VIRTUAL TECHNOLOGY SECURITY MANAGEMENT STRATEGIES
The cloud security infrastructure only becomes efficient after the application of appropriate defense mechanisms. For example, suitable infrastructure should be designed with consideration of potential security management threats. Security managers address these threats using security controls. The controls are established for safeguarding weak points in the system, as well as reducing the strength of an attack. The cloud security architecture has a variety of controls, but the following are the major groups:
Deterrent controls are established at various strategic positions for shielding against any deliberate attack directed towards a cloud system. The main objective of the controls is to act like warning signs mounted on a property or fence. This implies that the controls do not contribute to reducing the vulnerability of a system to potential damage resulting from intrusion (Krutz & Vines, 2010).
Preventative controls enhance the security of the system through managing the weaknesses. The controls are designed in such a way that they make the system harder to exploit during an attack. The extent of damage, as well as violation of security, in cloud systems with preventative controls is significantly less than in a similar system without such measures (Samson, 2013).
The objective of corrective controls is reducing the consequence of an attack. These controls differ from the preventative varieties in that they function when an attack is active (Krutz & Vines, 2010).
Detective controls help in identifying active attacks within the cloud system. If a detective control discovers an ongoing attack, it signals either corrective or preventative controls to solve the problem (Krutz & Vines, 2010).
MAJOR SECURITY THREATS AND SOLUTIONS IN CLOUD COMPUTING AND VIRTUALIZATION TECHNOLOGY
As several companies adopt cloud computing and virtualization technologies, developers in the field have continuously faced a greater challenge of creating enhanced security that would in turn help in protecting the clients’ data. During the 2013 RSA conference in San Francisco, the Cloud Security Alliance (CSA) identified a variety of security threats facing the technology, as well as some diverse countermeasures that users can apply in maintaining their safety. The following is an analysis of the major problems facing the industry (Krutz & Vines, 2010).
Data breaches and encryption
According to the CSA, data intrusion is a major security problem in cloud and virtual computing technology. An intruder using a virtual machine can use side-channel timing information to acquire private cryptographic keys that other VMs on the same server are using. However, malicious hackers do not need to interfere with all the machines in order to access their data. A poorly designed multitenant cloud system database puts the entire service in danger because the hacker can easily access the data of other persons using the same server. The biggest challenge in solving data leakage and data loss is that the best solution for one problem may worsen the other. For example, encrypting the data reduces the vulnerability of the information to hackers (Winkler, 2011). However, if the database owner loses or forgets the encryption key, he or she will lose the information, as it is impossible to undo the encryption. On the other hand, the database owner may also consider keeping an offline backup on physical hardware, although this increases exposure of the data to people with physical access to unsecured database storage. Data loss can affect a business negatively since it may lose the information of reliable customers or, in some cases, place confidential details of its customers at risk. In addition, entrepreneurs can get into trouble if they lose information, since some legal requirements such as HIPAA require a well updated database system (Samson, 2013).
Cloud computing environment and protecting credentials
Service or account traffic hijacking is another serious problem associated with cloud and virtual computing technology. Samson (2013) claims that attackers with access to the credentials for a given account or server may spy on the transactions and other confidential activities taking place on the server. In addition, the intruder can manipulate the data exchange by redirecting customers to rogue websites or sending incorrect information. Attackers often use service and account platforms as their base for attacking target clients (Samson, 2013). The CSA claimed that the 2010 attack on the Amazon website was accomplished through hijacking the credentials of the website. The best strategy for protecting an account or database system from hijackers is efficient guarding of the credentials. A company should prohibit the team in charge of managing the information system from sharing their computers and other sensitive information with strangers. If possible, companies should establish a complicated two-factor verification process. This would make it challenging to acquire the complete information intruders require for accessing the database (Winkler, 2011).
Using secure interfaces and APIs
Information technology administrators depend on interfaces for efficient cloud management, provisioning, monitoring, and orchestration. The APIs are indispensable for achieving maximum security and providing regular cloud services. However, many third-party organizations have developed add-ons that run on the foundation interfaces. The add-ons increase the intricacy of the layered API (Winkler, 2011). Besides, the cloud system also becomes more vulnerable, as the original developers of the interfaces may need to give out some details concerning the program so that third parties can develop compatible software. According to the CSA, organizations should understand the security concerns associated with the orchestration, management, usage, and tracking of cloud service delivery. Poorly developed APIs and interfaces may expose organizations to security problems concerning accountability, confidentiality, availability, and integrity (Samson, 2013).
Maintaining the cloud computing system can be very costly depending on the size of the firm, data sensitivity, and the preferred method of protection. This makes some companies incapable of maintaining the security services, especially if the business involved is a small-scale business with little income. Denial of service (DoS) has been an internet risk for a long time, but the challenge has become greater since cloud technology demands full-time security supply (Samson, 2013). In some cases, attackers do not gain entire control of the system, but they make it so slow that the customers or service providers take down the security themselves. The phenomenon is mainly common among customers charged for maintaining the security depending on compute cycles. Cloud and virtualization computing technology security can improve if developers can offer affordable solutions with limited outages. This will enable customers to purchase long-term plans that would in turn improve the security of the systems (Samson, 2013).
Close scrutiny of the employees
The CSA also ranks malicious insiders among the serious security threats to cloud and virtualization technology security. The insider may be a former or current staff member, or a business associate, who is familiar with the security system of a given business. Before an organization allows an individual to handle data or even access the network system, due diligence is necessary for determining the employee’s level of trustworthiness. If the system is poorly designed, a malicious insider would be in a better position to cause even greater damage. The risk level increases depending on the service model, such as PaaS, IaaS, and SaaS, that the attacker has regarding the database. Recently, companies have been refraining from placing a single person in charge of cloud and virtualization database security, since the individual can cause extreme damage to a company if they decide to abuse the security information they hold against a given business (Winkler, 2011). A business can prevent dangerous insider database attacks by scrutinizing new employees closely to ensure they have no criminal records. In addition, businesses should create a confidentiality document that potential employees should sign, agreeing to maintain the confidentiality of the company’s database information both during and after the expiry of their work contract. On the same note, the CSA encourages database handlers to change the keys and passwords for accessing the database each time the data handler is changed (Samson, 2013).
The cost of a given application can vary significantly from one dealer to the other. However, database managers should be wary of purchasing unreasonably cheap software. If a hacker finds it very challenging to break the encryption key on regular computers, they may resort to distributing pirated software (Samson, 2013). The pirated software is often compromised, as it may contain malware that helps the attacker steal the encryption key required for accessing the data. Every business should investigate the legitimacy of software vendors prior to purchasing information protection software (Winkler, 2011).
Several businesses adopt cloud and virtualization technologies because they are trendy, without first understanding the basics of the technology. The CSA recommends that all businesses understand the basics of the technology prior to integrating it into their operations. This would in turn help them to avoid common mistakes that risk exposing their data to malicious persons (Samson, 2013). Many companies face operational and architectural problems after adopting the technology without adequate due diligence. A good understanding of the technology is essential, as a business would in turn acquire the necessary applications, as well as skilled persons for running the programs (Winkler, 2011).
Shared technology is another security threat in cloud and virtualized computing technology. Many cloud system providers share applications, infrastructure, and platforms in delivering their services in measurable limits. Samson (2013) asserts that foundational components that make up an infrastructure, such as GPUs and CPUs, are not designed to provide strong isolation characteristics for re-deployable platforms (PaaS), multi-customer applications (SaaS), or multi-tenant architecture (IaaS). This implies that the risk of shared vulnerabilities is present in every delivery model. The database manager should consider reinforcing the security of the integral components, considering that a single compromised component makes the whole environment susceptible to malicious intruders (Winkler, 2011).
MAJOR VIRTUALIZATION COMPUTING TECHNOLOGY RISKS AND THE BEST SOLUTIONS
Virtualization comes with numerous security risks that potential users should address in order to receive maximum benefit from the technology. Many businesses that have just begun using the technology often experience critical security problems. The following are some efficient methods that individuals planning to undertake virtualization technology can apply to achieve maximum safety.
Creating a “Good List” for each VM
This implies that the database manager should identify the appropriate data and functions that each server used in the storage of business information should handle. The list of desirable and permitted software, as well as services, for a server varies depending on its type and function in an organization. For instance, a database back-end runs certain protocols and applications, which should flow both in and out of the VM to accomplish the desired outcome (Juniper Networks, Inc, 2012). However, other applications and protocols would be unnecessary. For example, running FTP on such a server would not be necessary, considering the protocol is rarely used in the process of transferring data in and out of a VM. In addition, it contains a loophole that people with malicious intent can use in accessing confidential information of the business (Goodin, 2012).
Monitoring and protecting the Hypervisor
When establishing a security system in a virtualized environment, both the VMs and the hypervisor should be protected. VMware developers have created technology that operates through vSphere-specific capabilities that support third-party security measures in virtualized environments. VMsafe provides excellent visibility into virtual machine functions, thereby facilitating monitoring of all the execution aspects of virtual machines (Juniper Networks, Inc, 2012). This helps in detecting and stopping previously undetectable malware, rootkits, and viruses in time to prevent them from damaging the machine. Businesses that intend to maximize hypervisor and VM security must be vSphere enabled so that they can obtain VMware partner solutions that provide layered defense in the hypervisor (Goodin, 2012).
Impose access regulation per VM
The virtual machines serve in the same capacity as a physical server in traditional computing technology. The VMs can accomplish various tasks such as Web serving, file shares, extranets, application servers, and databases, among other functions. A single physical machine can host several VMs. In addition, the traffic passing through the server can quickly breed worms, malware, and malicious persons’ activities. This makes it essential to scrutinize traffic passing through VMs by establishing the access controls required for blocking undesirable protocols (Juniper Networks, Inc, 2012). Besides, the security manager should also observe certified services and applications to ensure they are free of malicious traffic and unauthorized protocol intrusion. After the access control is enforced, crucial business communications can progress with the maximum versatility that virtualization technology offers. On the same note, the database managers can be assured of the security of the stored information (Goodin, 2012).
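The per-VM “good list” and the per-VM access regulation described above can be expressed as a default-deny check of observed traffic against an allowlist for each VM role. The following is an added example, not taken from the essay or its sources; the role names, ports, and flow records are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class Service(NamedTuple):
    proto: str
    port: int

# Hypothetical per-role good lists (assumed roles and ports, not from the essay).
# Anything absent is denied, so FTP (tcp/21) is blocked on a database back-end
# simply because it was never listed.
GOOD_LIST = {
    "db-backend": {
        "in": {Service("tcp", 5432)},                       # SQL from the app tier
        "out": {Service("udp", 53), Service("tcp", 6514)},  # DNS, syslog over TLS
    },
    "web-frontend": {
        "in": {Service("tcp", 443)},                        # HTTPS from clients
        "out": {Service("tcp", 5432), Service("udp", 53)},  # SQL to db tier, DNS
    },
}

# Constructed flow records: vm, role, direction, protocol, port.
SAMPLE_FLOWS = """\
db01 db-backend in tcp 5432
db01 db-backend in tcp 21
db01 db-backend out udp 53
web01 web-frontend in tcp 443
web01 web-frontend out tcp 25
tmp07 unassigned in tcp 22
"""

def parse_flows(text):
    """Parse whitespace-separated flow records, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        vm, role, direction, proto, port = line.split()
        flows.append((vm, role, direction, Service(proto.lower(), int(port))))
    return flows

def evaluate(role, direction, service):
    """Default-deny decision for one flow against the role's good list."""
    policy = GOOD_LIST.get(role)
    if policy is None:
        return False, "VM role has no good list"
    if service in policy.get(direction, set()):
        return True, "on good list"
    return False, f"{service.proto}/{service.port} {direction} not on good list"

def audit(text):
    """Return {vm: [reason, ...]} for every flow the good lists reject."""
    violations = defaultdict(list)
    for vm, role, direction, service in parse_flows(text):
        allowed, reason = evaluate(role, direction, service)
        if not allowed:
            violations[vm].append(reason)
    return dict(violations)

if __name__ == "__main__":
    for vm, reasons in audit(SAMPLE_FLOWS).items():
        print(vm, reasons)
```

A VM whose role has no good list at all is rejected outright, which surfaces machines that were deployed without anyone deciding what they are permitted to run.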
Just as physical servers require protection, the virtual servers should also be protected from unauthorized access and malicious software. The database managers achieve this through security controls and policies that obstruct unwarranted protocols from accessing or manipulating a given VM. The blocking serves as the first layer, which lowers the probability of a successful attack to almost nil (Goodin, 2012). The second layer is designed to provide protection through tracking and identifying certified traffic that may contain content inserted by an insider intending to steal or misappropriate the database content of an organization. The protection becomes possible as it can identify certain behaviors and signatures associated with malicious software. In addition, antivirus, log analysis, and aggregation are other major security technologies used in detecting malicious activities in the virtual environment (Juniper Networks, Inc, 2012).
Virtual networks are composed of many distinctive characteristics and operations that provide users with maximum benefits from their data center hardware. However, for an entrepreneur to gain maximum benefit from the technology, he or she would need to emphasize purchasing software designed for the given functions (Juniper Networks, Inc, 2012). The right software facilitates full utilization of the capacity and memory of a computer without interruption. Security experts recommend that database handlers utilize applications that work efficiently in the system when executing their duties. For example, the antivirus and other layered defense applications should work without interruption (Goodin, 2012).
In summary, cloud and virtualization computing technologies are trendy systems because they help in maximizing the resources of a company. A single physical server can be used in managing several virtual servers. However, many entrepreneurs are concerned with the security of the technology. Fortunately, this research has focused on evaluating innovative measures that the system developers have created to help in protecting the database from unwarranted intrusion without reducing efficiency for the end user. The security measures range from deterrent and preventative to detective strategies. The result of the advanced protective system is the provision of a secure and efficient database system. Therefore, cloud computing and virtualization are secure technologies from interception by unauthorized parties.
Samson, T. (2013). 9 top threats to cloud computing security. InfoWorld. Web. Retrieved on July 3, 2014 from http://www.infoworld.com/t/cloud-security/9-top-threats-cloud-computing-security-213428
Goodin, D. (2012). Virtual machine used to steal crypto keys from other VM on same server. Ars Technica. Web. Retrieved on July 3, 2014 from http://arstechnica.com/security/2012/11/crypto-keys-stolen-from-virtual-machine/
Juniper Networks, Inc (2012). Five Best Practices to Protect Your Virtual Environment. Web. Retrieved on July 3, 2014 from http://www.juniper.net/us/en/local/pdf/whitepapers/2000379-en.pdf
Kusnetzky, D. (2011). Virtualization: A manager's guide. Sebastopol, CA: O'Reilly.
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Indianapolis, Ind: Wiley Pub.
Winkler, V. J. R. (2011). Securing the Cloud: Cloud Computer Security Techniques and Tactics. Burlington: Elsevier Science.