4 Responses Dec 18

Laxmikanth Work:

The main concerns in information technology security are data security and user privacy. However, many organizations are reluctant to implement a cloud computing system as they are afraid of the incapability of this system in dealing with key security attacks. Cloud computing is very important due to its tremendous benefits (Ismail, 2019). Some of the benefits include monitoring security and offering patching, therefore, organizations must dispel myths relating to cloud computing.

One of the cloud computing myths is that data stored in the cloud are less secure. The information departments of all companies are primarily concerned with data security. As data breaching and information hacking rise, some organizations tend to believe it is safe for data to be stored in the premises (Neumann, 2014)  .However, the storage of data on the premises is not an effective method of protection as it will increase its vulnerability to possible natural catastrophes.

            Also, some organizations believe that it is easier to attack cloud since data storage is maintained by the service providers hence increasing its susceptibility to threats. This is not true because one of the keys benefits of cloud computing is monitoring security. It also protects both external and internal networks from malware. Additionally, some believe that accessibility to data in the cloud is open for anyone (Neumann, 2014).They assume that cloud permits the sharing of network spaces by several users and because the majority of the cloud be organizations’ competitors, they assume that this poses major security threats.

 An organization cannot check how its data is being utilized. This is another myth that causes some organizations to delay the adoption of a cloud computing system. They claim that they may not know how third-party service providers are using their data. However, this can be solved by furnishing audit logs that help in tracing individuals who had accessibility to the data. Also, background checks are important in determining these individuals. Furthermore, some companies believe that cloud computing will challenge compliance regulations for data protection.

The fact is that cloud service providers can help organizations to comply with these regulations (Neumann, 2014). The only thing that companies need to do is to be clear concerning the types of data that they storing in the cloud so as to ensure that all the data are within the requirements of data security. Nevertheless, companies must vet their cloud service providers and reassess the solutions that they offer so as to determine if they will assist in meeting the required data security measures.

 

In any event, when utilizing a cloud security supplier, the IT office is as yet liable for securing organization resources, and must guarantee consistency, the report noted. Organizations must contribute the time and assets expected to get consistency approaches right and secure data.

Cloud Security Union, incorporates information ruptures, account commandeering, shaky APIs and disavowal of administration. These worries are not new to the Internet economy. An assortment of protections can be utilized against these assaults, including fundamental firewalls, weakness checking, encryption, organize interruption recognition and system interruption counteractive action, multifaceted access control, and checking. Executing a progression of concentric barriers can give a more grounded security pose. To make the similarity of securing your home, having a deadbolt on your front entryway doesn't let you know whether a robber is turning the door handle or shaking the window to check whether they are opened. It just prevents the criminal from coming through the front entryway. By executing frameworks, for example, interruption identification what's more, interruption avoidance close by the firewalls, nature distinguishes if somebody is attempting to discover a route in and in the event that they are fruitful. The increases in encryption and weakness examining include significantly more layers of security.

 Reference:

Ismail, N. (2019). Cloud computing is becoming more and more important for businesses. Retrieved 8 October 2019, from https://www.information-age.com/cloud-computings-importance-businesses-123467712/

Neumann, P. (2014). Risks and myths of cloud computing and cloud storage. Communications Of The ACM, 57(10), 25-27. DOI: 10.1145/2661049

Ashley Leonard. (2019). 5 cloud security myths. Retrieved from https://techbeacon.com/app%20dev-testing/5-cloud-security-myths-get-past-them-lift-your-organizations-game.

Sravani Work:

Cloud Security Myths

Cloud Security is important to handle increasing security issues in the technology world. There are real threats as well myths in cloud security which are stopping organizations from migrating to the cloud from legacy data centers. Some of the security myths discussed in the video are the cloud is not secure, the cloud is perfectly secure, cloud security is too complex to maintain, all cloud service providers are the same, on-premise systems are much safer, OMG cloud. I believe all the myths discussed in the video are true and common among new organizations who are still using legacy systems or planning to migrate to the cloud. Cloud security truths discussed in the video are perimeter-based security doesn’t apply, distributed threat surface, new tools are required, new policies and procedures are required, lot of cloud options means lots of cloud security options.

Cloud Security Myths vs Truths

Myths of cloud security are the cloud isn’t as secure as on-premise infrastructure, my cloud provider will handle all my security requirements, the security tools I’m using right now can integrate with the cloud, access control isn’t a problem in the cloud, cloud multitenancy puts my data at risk, the cloud is already secure; we don’t need to monitor it for security breaches, the cloud will make it harder to comply with data protection regulations. Security remains a top priority for enterprises moving to the cloud, and for good reason. Cloud providers implement data encryption and privacy measures to ensure every user’s data is safely stored. Solutions providers will outline specific responsibilities for both themselves and your business in their service level agreement (SLA). It might be tempting to assume your legacy security tools will be able to handle security for your cloud solutions, but this isn’t always the case. While some on-premise security tools do support integration with cloud solutions, it’s a safe bet that you’ll need to add new security tools to your infrastructure. These could be native security tools provided by your cloud solution vendor, or they may be third-party installations. The cloud can be accessed from virtually anywhere — which can open the floodgates for a security threat wanting to get into your cloud deployment. You need to maintain access control over your cloud environment to protect your data and prevent unauthorized users from entering your system. Public cloud environments are multitenant environments, operating multiple users’ cloud data on the same server. This might seem dangerous at first, as it sounds like other users might have access to their data (Hein, 2020). One of the reasons to use public cloud is because meeting compliance and data sovereignty requirements can be a lot less complex (Perlman, 2018). As opposed to isolating security to the purview of dedicated security pros, best practices include making security everyone’s problem. For example, shift security left in the software development lifecycle, implementing security during development, rather than waiting for deployment, or worse, after deployment. Make developers part of the process rather than taking an adversarial approach. Offer developers self-service functionality to assess security of a stack they’re about to deploy, and provide tools to auto-remediate issues before they go into production (Alvarenga, 2020).

References

Alvarenga, G. (2020, September 25). Cloud Security: 12 Myths vs Facts. Retrieved December 17, 2020, from https://blog.checkpoint.com/2020/09/28/cloud-security-12-myths-vs-facts/

Ashe, X. (2018, October 31). DEF CON 26 BLUE TEAM VILLAGE - Xavier Ashe - Cloud Security Myths. Retrieved December 17, 2020, from https://www.youtube.com/watch?v=W_O7mziH3vM

Hein, D. (2020, August 10). Six Common Cloud Security Myths Debunked and Explained. Retrieved December 17, 2020, from https://solutionsreview.com/cloud-platforms/six-common-cloud-security-myths-debunked-and-explained/

Perlman, A. (2018, December 05). It's Time to Get Real: Exposing the Top 10 Cloud Security Myths. Retrieved December 17, 2020, from https://www.securityroundtable.org/top-10-cloud-security-myths/

Spark, D. (2015, May 13). 20 of the Greatest Myths of Cloud Security. Retrieved December 17, 2020, from https://www.cio.com/article/2922374/20-of-the-greatest-myths-of-cloud-security.html