We can draw parallels between the cloud and the physical data center space in that the same perimeter, system, and data protection mechanisms we’ve come to rely upon in the physical data center must also be applied to the virtual environment. These include such tools as firewalls, intrusion prevention, anti-malware, and data loss prevention.
However, even with these protections in place, the most significant challenge that remains for enterprises considering cloud computing is answering the question: How can I trust the cloud provider with my environment and my data?
These are factors to consider when operating in the cloud:
- Cyber criminals can erase their digital tracks (log modifications)
- Admins can cover up accidents and misbehavior (log modifications)
- ‘Vault’ storage doesn’t work in the cloud (PKI fails, data leaves the vault)
- Applications can be accidently changed or maliciously compromised (code and app modifications)
Let’s explore these issues, and why they pose significant challenges for enterprises looking to take advantage of cloud computing. The challenges in mitigating risk are most prevalent in the public cloud, but the private cloud still faces these same challenges.