This is the fourth part of the cloud systems survey. We continue discussing the security aspects of cloud systems.
Corporates, Cloud Services and Market
Many companies already have their own networks, managed with different tools and systems, and they tend to convert these systems to cloud. The difference between the “cloud” and the cloud these companies define is that company clouds are “private”. While the idea of the cloud is to provide a single point of service, companies and corporates intend to use their own private clouds, where no one else can enter and where they can safeguard their own data (this is actually another trust issue between two companies, concerning industrial espionage). However, a more important aspect of private company clouds is the “Agility” characteristic of the Cloud. Resources can be moved from one system to another, and disaster recovery is handled by the cloud system itself with auto-backup and failover services. It’s also not very meaningful for corporates to rely on other companies. While many SMEs should go for cloud services just to be able to compete with bigger players, corporates should manage their own private clouds and services. Currently none of the big players, including Google, Microsoft, Sony and Amazon, uses someone else’s infrastructure. They sometimes take some services from other vendors, but these services are not their competitive advantage; they are just another channel for improving their service for a niche part of their users.
In contrast, SMEs should go for cloud services. It’s always hard for a small company to compete with bigger players, for the reasons mentioned in the “Cost Reduction” characteristic of the Cloud. While focusing on their core product, SMEs should not have to deal with things like email servers, virtualization or development environment creation. By outsourcing such services, they can get “rolling” much faster and release their products sooner. This provides a huge competitive advantage against their bigger competitors, because those competitors need time to adapt to the changing requirements of the market.
Cloud For Black Hat Hackers and Crackers
Sony is one of the biggest corporations in the world right now. It has a huge array of products, from televisions to mobile devices. PlayStation is one of the most widely used game console systems in the world. With the emergence of online services, Sony created its own “marketplace”, PlayStation Network (PSN), to distribute digital content (mostly games). PSN stored its users’ credit card information in order to ease the hassle of buying digital content etc.
In April of 2011, Sony announced that its machines had been breached and that private data concerning its users had been stolen, including credit card information. The data was publicly released and spread quickly thanks to peer-to-peer sharing protocols.
This problem raised a lot of questions regarding security. These questions were also based on the trust issues between companies and end users. Considering this case, if such a scenario had happened in a cloud environment, what would have changed? Would it have been worse? Or would it have happened at all?
Considering the optimal case, it wouldn’t have happened at all. Cloud systems are all kept on the same versions, and upgrading all of them is just a click away using tools like Puppet. For individually managed computers this is of course harder and cannot be done with a single click. Each computer is different, and it’s always harder to secure each one of them individually. Because of that, IT people tend to protect the network instead of single machines. A single machine, already connected to the network, can be breached if its security updates are not applied. And it’s really hard to detect such outdated machines if your network is big. While we have some issues regarding the security of cloud computers, the cloud is actually more secure than our previous solutions.
Now consider a worst-case scenario, involving a cloud service provider that is not very good at its job or that is a little bit negligent in what it does. Once a single machine is breached, the whole network is open to the attacker. However, as the data is actually distributed, one bit of Sony’s data is somewhere and another bit is somewhere completely different. This would help decrease the effect of the damage caused by the attacker. On the other hand, the attacker, while intending to attack Sony, might capture information related to another company in the process, as the data is distributed. But that damage is also minimal.
For Black Hat Hackers or crackers, cloud services are kind of a dream (or a nightmare). If the service is not managed well enough, the cloud can be a big boon for them: lots of private data at their hands once the security is breached. However, it can also be a big problem for them if the cloud services are managed well enough. As I mentioned earlier, Black Hat Hackers are not generally harmful; they generally do what they do to prove a point. Crackers, however, mostly intend to cause some damage or to gain advantage from the situation. Having even some part of the data from multiple companies can be enough for them. However, as the servers are not managed individually, it’s harder to breach these systems, and it requires more than just tools to get past them.
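The point above about spotting outdated machines in a large network, as an added example that is not part of the original survey: a small Python check that compares a host inventory against a required baseline and reports version drift. The host names, package versions and baseline are constructed for illustration, and the inventory format is an assumption.

```python
"""Flag hosts whose packages lag behind a required baseline (constructed data)."""
from collections import defaultdict

# Constructed inventory, as a configuration-management agent might report it.
INVENTORY = [
    ("web-01", "httpd", "2.2.17"),
    ("web-02", "httpd", "2.2.17"),
    ("web-03", "httpd", "2.2.9"),      # individually managed box that missed updates
    ("db-01", "mysql", "5.1.56"),
    ("db-02", "mysql", "5.1.56"),
    ("legacy-07", "mysql", "5.0.92"),
    ("legacy-07", "httpd", "2.2.17"),
]

# Assumed minimum patched versions; a real baseline comes from vendor advisories.
BASELINE = {"httpd": "2.2.17", "mysql": "5.1.56"}


def parse_version(text):
    """Turn '2.2.9' into (2, 2, 9) so that 2.2.9 sorts below 2.2.17."""
    return tuple(int(part) for part in text.split("."))


def outdated_hosts(inventory, baseline):
    """Return {host: [(package, installed, required), ...]} for lagging hosts."""
    findings = defaultdict(list)
    for host, package, installed in inventory:
        required = baseline.get(package)
        if required is None:
            continue  # no baseline defined for this package
        if parse_version(installed) < parse_version(required):
            findings[host].append((package, installed, required))
    return dict(findings)


def version_spread(inventory):
    """Return {package: sorted distinct versions}; more than one means drift."""
    seen = defaultdict(set)
    for _host, package, installed in inventory:
        seen[package].add(installed)
    return {pkg: sorted(vers, key=parse_version) for pkg, vers in seen.items()}


if __name__ == "__main__":
    for host, items in sorted(outdated_hosts(INVENTORY, BASELINE).items()):
        for package, installed, required in items:
            print(f"{host}: {package} {installed} < required {required}")
    for package, versions in version_spread(INVENTORY).items():
        print(f"{package}: {len(versions)} version(s) in fleet: {versions}")
```

Versions are compared as integer tuples because a plain string comparison would rank 2.2.9 above 2.2.17 and hide the outdated host.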