Understanding the risks of Cloud Computing — Pt 1
In our previous article, we have learned about the basics of cloud computing, Architecture, Deployment models, service models. It looks so easy to decide and implement the model and service based on our requirement, but it’s also equally important to understand the risks associated with it.
As per NIST 800–145, Cloud computing has 3 Service Models, 4 Deployment Models. Each one has certain risks associated with it which need to be analyzed, reviewed, assessed, and remediated. Let’s dig more in detail...
Risks for Cloud Service Models:
- Infrastructure As- A- Service:
Before choosing the IAAS, there are certain risks that we need to consider and remediate. Below are some of the risks which we need to take care of.
- Physical security of the data center plays important role in data security. Trained Security personnel should be deployed round the clock and monitored profile background is required.
- DC’s are maintained by external vendors at different geographical locations which have the security risk of Natural Disasters. Better Disaster Recovery Management should be in Place
- DC’s maintain multiple customer’s data and also their risk varies differently. So critical data is always vulnerable to Threats like ransomware, Backdoors, DDOS attacks.
- Vendor relationships with DC providers should be audited and reviewed regularly.
- Platform As A Service :
Using the PAAS service model for deploying different platforms for the business requirement and managing them possess certain risks.
Below are some of the risks which we need to take care of:
- Deployed platforms and Underlying Infrastructure should be operationally compatible and regular updates should be in place to avoid availability issue or application breakdowns
- Application thread risk is slightly high in this model as the platform and OS are managed by different individuals.
- Data Leakage risk is high in shared infrastructure service providers as the underlying virtualization share the resources to multiple platforms as per the service Model
- Software As A Service :
Using of SAAS is increasing on daily basis and so is the risk associate with it.
Below are some of the risks which we need to take care of:
- SAAS deployments face the risk of data format hosted in applications. The movement of applications will be a risk for the customers as it may lead to application breakdown.
- Certain applications possess proprietory settings/formats ( Vendor Lock -Out) using for hosting the data and application processing in the cloud applications.
- Virtualization risks will exist in the SAAS model as the resources shared by multiple platforms, applications that have the same underlying OS and Infrastructure
- Web application attack risk is much possible in the SAAS model as the application is exposed to multiple attack vectors like Injections, Broken Authentications, etc
Among these models, we understood there are virtualization risks involved in it. Let’s understand in detail in Part 2, along with deployment models.
Please feel free to know about Virtualization, Cloud computing from the below links learn more.
Thanks for reading and please feel free to like, share and comment if you have any queries to discuss and follow #adithyainfosec for more content 😊😊
