Cloud computing has the market divided into two groups. There are the proponents of the cloud, and then there are the opponents of cloud.
Cloud proponents have always sung the praises of cloud computing's benefits, such as scalability, ease of deployment, and reduced cost of IT ownership. Opponents, however, have always cautioned against the cloud's security issues.
And with Amazon’s not-so-distant cloud outage, concerns over the cloud’s dependability and security have reared their head.
And who can blame them? We already had debates going around the cloud's multi-tenancy and its gray-area traits. Suddenly, we have a name like Amazon going down with a "black eye." As a result, the market has grown wary of cloud computing. And what's really giving CTOs restless nights is securing a database in the cloud environment.
Now when we say database security, let’s understand that a database does not stand alone in an enterprise. It is part of a larger IT network of an enterprise. It has an application sitting on top of it and a host that it interacts with.
Hence when we talk about securing the database, the security measures span across network, application, and host. We are already familiar with how to secure these three things.
So then what makes it so challenging to secure a database in a cloud environment?
Frequent Changes to Environment
The one particular trait that has made the cloud so popular is its agility and flexibility. But this is also proving to be its fundamental nemesis. Servers in a cloud environment are continually provisioned and de-provisioned. Every instance of provisioning and de-provisioning makes these servers, and the databases residing in them, soft targets for hackers.
Secondly, cloud computing technologies are highly dynamic, but they are also non-transparent in character. It isn't easy to locate precisely where an application sits in a cloud environment. Because of that non-transparency, you won't be able to map data exchange. It's difficult to monitor data access and use. It's even more challenging to identify any data tampering or alteration.
We need an architecture that can do three things – locate databases in the cloud computing technology, centrally log database activities, and flag suspicious activities or access.
Loss of Control in Clouds
Loss of control is second nature to cloud environments, especially public clouds. The public clouds have applications for various enterprises residing in the same cloud space.
This makes it all the more important that we secure our databases. But in public clouds, it's not only the hackers that we need to worry about. Employees, both current and former, of our own enterprise and of the cloud computing services provider are potential threats too. Losing control in such a setting is almost suicidal.
Our best bet here is to limit the number of people with full database access privilege to the minimum, vet the people working with the database thoroughly, and, if possible, log their access activities through a central repository.
Network Latency Issues
We do have suggestions for off-host processing making rounds in the market. But today, most of the cloud computing resources are made available via WAN. The network bandwidth of such WANs makes off-host processing less viable.
The very non-transparent nature of cloud environments makes it difficult to co-locate a server with the databases that lie near it. As a result, we end up spending additional resources and time on remotely processing every single transaction.
The additional time means we may not really be able to prevent malicious attacks in time.
The time lag can also affect application performance. And the additional cost does not make sense because the whole reason behind opting for a cloud environment is cost containment.
So this is again where the industry think-tank needs to do some serious thinking. However, distributed monitoring solutions that use sensors to flag alerts locally are becoming increasingly popular.
Privileged Users Conundrum
Privileged users are the most difficult to monitor in a cloud environment. But who are privileged users? These are the people who have access rights to a database, along with system administrators.
With unfettered authority, these privileged users can manipulate sensitive data and then smartly cover up their tracks. In a typical cloud environment, multiple applications reside side by side, each with its own set of privileged users. In the absence of effective security checks, it's easy for any of these users to maliciously compromise your database.
The problem gets compounded in a public cloud environment. Unlike the private cloud, you cannot perform background checks on privileged users of third party applications co-habiting with you. As a result, many enterprises have resorted to stealth monitoring of third party privileged users – an act often challenged on ethical grounds.
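The central logging and flagging called for earlier, combined with a way to notice when a privileged user has edited the log to cover their tracks, can be sketched as follows. This is an added example, not code from the original article; the account names, addresses, policy table and the hash-chaining technique are assumptions chosen for illustration.

```python
import hashlib
import json
GENESIS = "0" * 64
# Hypothetical policy: accounts with full database privileges and their usual hosts.
PRIVILEGED = {"dba_alice": {"10.0.1.5"}, "sysadmin_bob": {"10.0.1.9"}}
SENSITIVE_OPS = {"GRANT", "DROP", "ALTER", "DELETE"}

# Constructed sample events, as sensors on each database host might forward them.
SAMPLE_EVENTS = [
    {"db": "orders-db-1", "user": "app_svc", "src": "10.0.2.7", "op": "SELECT"},
    {"db": "orders-db-1", "user": "dba_alice", "src": "10.0.1.5", "op": "ALTER"},
    {"db": "hr-db-2", "user": "sysadmin_bob", "src": "203.0.113.44", "op": "DELETE"},
    {"db": "hr-db-2", "user": "app_svc", "src": "10.0.2.7", "op": "GRANT"},
]

def _digest(prev_hash, event):
    # Each record's hash covers the event and the previous record's hash.
    payload = prev_hash + json.dumps(event, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

class CentralAuditLog:
    def __init__(self, events=()):
        self.records = []
        for event in events:
            self.append(event)

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        self.records.append({"event": dict(event), "hash": _digest(prev, event)})

    def verify(self):
        """Return the index of the first record that breaks the chain, else None."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["hash"] != _digest(prev, rec["event"]):
                return i
            prev = rec["hash"]
        return None

def flag_suspicious(log):
    alerts = []
    for i, rec in enumerate(log.records):
        event = rec["event"]
        hosts = PRIVILEGED.get(event["user"])
        if hosts is None and event["op"] in SENSITIVE_OPS:
            alerts.append((i, "sensitive operation by unlisted account"))
        elif hosts is not None and event["src"] not in hosts:
            alerts.append((i, "privileged account from unexpected host"))
    return alerts
```

Someone who can rewrite the whole log can also recompute the chain, so the latest hash has to be copied regularly to a location the monitored accounts cannot write to.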
Cloud applications are undoubtedly fraught with big-time security issues. Some of these are grave enough to discourage enterprises from cloud hosting. And then we have the recent failures which have done no good to cloud’s reputation.
But at the same time, the advantages offered by cloud environments are just too good to pass up for enterprises. So we need to start working our way around these security concerns, for clouds are certainly here to stay!
At Radixweb, we understand the significance of your cloud data. Thus, our skilled cloud computing professionals develop cloud applications that are highly secure and protected from hackers.
Get in touch with us today to build futuristic cloud applications.