Public clouds and relative security risks

Cloud services are the latest trend in the IT world: data is stored and shared from a remote internet location instead of a local physical machine. What distinguishes a public cloud is that it is accessible to any user browsing the internet.

Using a public cloud platform carries many security risks. Cloud service providers are fully aware of this, although they tend to report that the risks are the same for every participant connecting to the cloud.

Security threats to public cloud services take several forms, among them Denial-of-Service (DoS) attacks, data theft and hijacking. In a DoS attack, the system is hit repeatedly with multiple HTTP requests, causing the cloud services to halt and become unavailable to end users. In data theft attacks, cyber-criminals try to breach security and get hold of users' personal data. Finally, hijacking is when a malicious user makes use of your personal cloud in order to attack a third party.

Some tools for mitigating these attacks are Virtual Private Clouds, firewalls and identity-based access. Let’s go through these solutions:

Virtual Private Clouds

The difference between a Virtual Private Cloud (VPC) and a public cloud is that the VPC is logically separated from the rest of the cloud, so it can be used as a private environment. This is implemented by assigning a VLAN dedicated to this service, which blocks access by any other users.

The VPC user connects to and manages the virtual machine hosted in the private cloud through a private IP address. One disadvantage of this solution, though, is that only access from the Virtual Private Cloud towards the outside network is secured, and not the other way around.

Firewall

You can filter traffic and allow or block access to certain services by using a firewall and adjusting its rules accordingly. Some firewalls are placed in front of the virtual machines (called hypervisor firewalls) and can be easily configured via a graphical user interface. A firewall will not, however, protect you against IP theft or analyze the user activity behind the IP data flow.
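The following sketch is an added example, not taken from any cloud provider's product. It evaluates a small constructed rule set with first-match, default-deny semantics and shows the limitation described above: the decision depends only on source address and port, so two different users behind the same address get the same answer. The rule set, addresses (documentation ranges) and user labels are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "block"
    source: str   # CIDR range the rule applies to
    port: int     # destination TCP port the rule applies to

# Constructed rule set: SSH only from one office range, HTTPS from anywhere.
RULES = [
    Rule("allow", "203.0.113.0/24", 22),
    Rule("block", "0.0.0.0/0", 22),
    Rule("allow", "0.0.0.0/0", 443),
]

def evaluate(rules, src_ip, dst_port):
    """Return the action of the first matching rule; block if nothing matches."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if dst_port == rule.port and addr in ipaddress.ip_network(rule.source):
            return rule.action
    return "block"  # default deny

def decide_all(rules, connections):
    """Evaluate each attempt. The 'user' label is carried along for display only:
    a packet filter never sees who is behind the address."""
    return [(c["user"], evaluate(rules, c["src"], c["port"])) for c in connections]

# Constructed connection attempts (labels are hypothetical).
CONNECTIONS = [
    {"user": "admin", "src": "203.0.113.10", "port": 22},
    {"user": "someone else using the admin's address", "src": "203.0.113.10", "port": 22},
    {"user": "outsider", "src": "198.51.100.7", "port": 22},
    {"user": "customer", "src": "198.51.100.7", "port": 443},
    {"user": "customer", "src": "198.51.100.7", "port": 3306},
]

if __name__ == "__main__":
    for user, action in decide_all(RULES, CONNECTIONS):
        print(f"{action:5}  {user}")
```

The first two attempts are indistinguishable to the filter, which is why the rule set has to be paired with a control that checks who the user is.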

Organized Identity-Based Access

With this solution, you need to enter credentials (username and password) before you are given access. It should be applied in conjunction with a reliable VPN service, as this allows the private user to access the virtual private cloud directly and avoid tracking and identity theft. A VPN service is not included in the services that cloud providers offer, though, so you would have to use a paid VPN service.
