Photo by Nilesh: Nilesh (All Rights Reserved)
Ensuring security when your cloud is compromised
When all of your data is in the hands of your adversary, how do you make sure that the adversary, who now has access to your data, is not really able to do anything with it? How do you actually make that happen?
All Clouds Considered is brought to you by Cloud Genius®
Many of our clients typically worry about the security of their information, especially in the context of the cloud.
The Premera Insurance data breach, the IRS data breach, and the funniest thing that happened recently, the Ashley Madison data breach, which is just hilarious: data breaches happen, and people worry about whether they should move their business processes over to the cloud. That is a fundamental thing people think about. People generally worry about security and tend to think that the cloud is somewhat less secure, but actually, security does not have much to do with whether you are in the cloud or on your premises in your own corporate datacenter.
Security is a mindset. It's a way of protecting what you really want to protect while at the same time allowing appropriate access based on the roles and responsibilities that people have. The role can be your internal people, it can be outside business partners who interact with your information, it can be customers who access your information, or it can be anybody on the internet.
So role-based access to information, and keeping certain things secure from certain types of roles, is the fundamental way of thinking about security.
You can keep your information safe on your premises and put armed guards around it, or you can put it inside a virtual private cloud, which is conceptually similar to what you would have in your private data center except that the armed guards are managed by somebody else, like AWS or Google, who runs that guarded data center. In that data center, you have a segment carved out for you in the form of a private cloud. It is conceptually similar. That is how you should think about security, whether it is on-premises or in the cloud.
People generally worry about security and hesitate to move their operations to the cloud for several reasons. One of the fundamental reasons is that they perceive that they lack physical control over their data. It is not in their hands – they cannot touch the machines. They are leaving their data in the control of someone else: some third-party company managing your machines, your storage devices, and other things kept far, far away from you. You don’t even know exactly which building, which floor in that building, or which computer has your data once it goes to the cloud. You have no idea. It is deliberately obscure by design. People may not feel super comfortable with the idea of letting their data, their crown jewels, go away from them and sit somewhere they cannot pinpoint.
The other concern people seem to have is legal: who owns the building that houses the cloud, and, in case of a court order or a subpoena, whether that third-party company may be obliged to release their information to the courts or agencies representing the sovereign nations/countries they operate in.
Companies can take some very specific steps to mitigate those specific concerns. Those steps involve, first of all, doing a proper audit of where exactly you are moving when you move to the cloud. You need to know which cloud infrastructure is going to take your crown jewels, in the form of data, code, applications, and business processes, when you move them from the data center on your premises to a cloud. So you need to know and understand exactly where they will land, who can access them, what can go wrong, and what the extreme boundary conditions are in which things can go wrong. Because, let us be very clear, things will go wrong, and I can guarantee that Murphy will strike at the worst possible time. You have to plan for these things. If something goes wrong, what will you do? How will you mitigate? How will you correct?
Imagine a case in which somebody actually gets hold of your data. What happens in that case? This is where a concept known as encryption comes into play: whatever you keep inside a cloud environment, or just about anywhere, including your own private data center locally, you keep encrypted – end to end. From the creation point through storage, retrieval, and consumption to its eventual disposal – the end to end flow of data from creation to deletion/termination/extinction – that end to end pipe of information needs to be encrypted. Data in flight, data in store, data in retrieval, data being discarded: everything needs to be properly encrypted with the highest level of encryption algorithms available today. And the most important thing in encryption is to make sure that the decryption key is kept in your possession all the time.
Now if by accident, by Murphy’s law, or some other situation, you actually end up losing your data, your critical assets, your applications, critical information about your business, your crown jewels, and some bad guy happens to have access to your data, they cannot cause much damage, because they cannot figure it out or decrypt your information – in their lifetime – they will have no clue – because the whole thing is encrypted. Only you, who have the decryption key, can actually decipher what it says and make meaning out of the data.
Encryption is one of the fundamental things you need to ensure, whether you keep data in house on premises or move it to the cloud – it does not really matter much. If it is encrypted, it can stay anywhere you like, but make sure to keep the decryption key absolutely safe. Encrypting your data pipe end to end is the single best thing you can do from a security standpoint. And remember: never lose the decryption key.
"Never lose your decryption key." - Nilesh
Want us to create an episode on a topic of your interest? Let us know and we will gladly develop one. I am your host, Nilesh. I look forward to seeing you online.
The Show Notes
Premera Data Breach
IRS Data Breach
Ashley Madison Breach