Cloud Security Solutions
Private and public cloud offerings have gained wide adoption, and with that adoption security issues have moved up the priority list. Cloud security is ultimately about preserving the CIA triad (Confidentiality, Integrity, and Availability) for customer data. The cloud functionality itself is robust and cost-effective for customers; operational security, however, remains a concern that vendors are still addressing. Adoption of cloud technology has been rapid, yet security concerns about the cloud environment have held the industry back, producing slower growth than was expected of the new technology (Donovan).
Emergence of Cloud Security Standards
Security automation is a recent development in cloud security. It allows a network and its security systems to respond dynamically to events and to handle routine security tasks without human intervention, which frees administrators to concentrate on the more critical parts of their job such as policy development, updates, and threat analysis. Automated security maintenance improves monitoring efficiency, reduces the overall cost of maintenance, and lets an organization respond quickly to network threats and attacks (Lorenzin).
The standards behind this automation have been embraced by both governmental and commercial entities. Among them are the Interface for Metadata Access Points (IF-MAP) and Trusted Network Connect (TNC) from the Trusted Computing Group, and the Security Content Automation Protocol (SCAP) from NIST (National Institute of Standards and Technology). They allow security architects to automate security solutions and to monitor continuously for real-time protection of an organization’s network and its connected devices. Access control is based on established policies and enforced by the enterprise’s existing network hardware, communication between security systems is coordinated over open-standard protocols, and monitoring and response to threats follow standards developed jointly by government and industry experts (Lorenzin).
Encryption Standards for Storing Files in the Cloud
Encryption for file storage in the cloud has matured through several mechanisms: implementations of trusted protocols, TLS-based transport encryption, and cryptographic establishment of trust between client and server. strongSwan, an open source project maintained at the HSR University of Applied Sciences, can collect evidence about the state of an endpoint’s file system (file measurements) over such trusted protocols. strongSwan supports Network Endpoint Assessment (NEA) and establishes a trusted relationship between server and client using the PA-TNC, PB-TNC and PT-EAP protocols, which originate in the Trusted Computing Group’s TNC specifications (Donovan).
Other open standards are also used for file storage and sharing in the cloud. Enterprise File Sync and Share (EFSS) products such as Citrix ShareFile, Dropbox or Box rely on Transport Layer Security (TLS) and offer simple, secure file sharing for processing files in the cloud. Encrypting the file system itself remains a challenge, because TLS protects data only in transit: once a file reaches the provider’s storage in a public cloud, it is no longer under the customer’s control. The remaining option is to encrypt the content at the application layer, on top of TLS, before it leaves the client, and that adds a further layer of overhead (key management in particular) for managing file systems in the cloud (Donovan).
Latest Technologies in Cloud Data Security
Data security in the cloud, and especially in public clouds, is essential to protecting the integrity of the data held there. Data in a cloud environment typically sits in a shared environment alongside other customers’ data. In that situation encryption is effective, but on its own it is not a complete solution for cloud data security. Data security revolves around three goals: Confidentiality, Integrity, and Availability. If any one of them is missed, the data is not secure (Donovan).
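The two points just made, that TLS protects a file only while it is in transit and that encryption by itself satisfies confidentiality but not integrity, can be demonstrated directly. The Go program below is an added example written for this page; it is not code from the original essay or from the Trusted Computing Group, and the file content, field names and key handling are constructed for the illustration. The client encrypts a document with AES-256-GCM before upload, so the provider stores only ciphertext, and the program then applies the same one-byte edit an untrusted storage side could make: under unauthenticated AES-CTR the edit decrypts silently to a changed amount, while AES-GCM refuses to decrypt at all.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample content standing in for a document synced to a cloud share.
var sampleFile = []byte("Q3 payroll: ACCOUNT=1234 AMOUNT=1000")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealFile encrypts on the client with AES-256-GCM. Only nonce||ciphertext||tag
// is uploaded, so TLS termination at the provider never exposes the content.
func sealFile(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The nonce is not secret; it is prepended so the client can decrypt later.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openFile decrypts and authenticates a sealFile blob. Any change to nonce,
// ciphertext or tag makes Open return an error instead of plaintext.
func openFile(key, blob []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:n], blob[n:], nil)
}

// ctrXOR is AES-CTR, the unauthenticated alternative: confidentiality only.
// Decryption is the same XOR as encryption, so a flipped ciphertext bit flips
// the matching plaintext bit and nothing reports it.
func ctrXOR(block cipher.Block, iv, data []byte) []byte {
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// tamperDemo edits "AMOUNT=1000" into "AMOUNT=9000" in stored ciphertext without
// the key. It returns what CTR silently decrypts to and the error GCM raises.
func tamperDemo(key []byte) ([]byte, error) {
	pos := bytes.Index(sampleFile, []byte("AMOUNT=")) + len("AMOUNT=")
	flip := byte('1' ^ '9') // XOR of the byte we expect and the byte we want
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := ctrXOR(block, iv, sampleFile)
	ct[pos] ^= flip
	tampered := ctrXOR(block, iv, ct) // "decrypt" the edited blob

	blob, err := sealFile(key, sampleFile)
	if err != nil {
		return nil, err
	}
	blob[12+pos] ^= flip // same edit, offset past the 12-byte GCM nonce
	_, gcmErr := openFile(key, blob)
	return tampered, gcmErr
}

func main() {
	key := make([]byte, 32) // generated and kept on the client (KMS, HSM or TPM-sealed in practice)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	tampered, gcmErr := tamperDemo(key)
	fmt.Printf("CTR decrypts the edited blob to: %q\n", tampered)
	fmt.Printf("GCM rejects the edited blob: %v\n", gcmErr)
}
```

Run it with go run: the CTR line shows the payroll record with its amount changed to 9000 and no error, and the GCM line shows an authentication failure. For the CIA triad the lesson is that transport encryption and at-rest encryption address confidentiality; the integrity goal requires authenticated encryption (or a separate MAC), and availability is not addressed by either.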
Several companies, among them Microsoft, Fujitsu, and the Trusted Computing Group, have made advances in data security technology. Microsoft Azure provides cloud data security by means of data security gateways. Fujitsu developed a new protocol that acts as a gateway for cloud information and controls the transmission of data content. Data masking, data traceability, secure logic migration and execution, and the Security Content Automation Protocol (SCAP) are among the latest technologies applied to data security in a cloud environment. SCAP is an open specification suite developed by the US Commerce Department’s National Institute of Standards and Technology (NIST), and its use is widespread in the government sector. The Trusted Computing Group (TCG) has created an integration of Trusted Network Connect (TNC) with SCAP that is working successfully and is used by several vendors. IF-MAP, together with TNC and SCAP, provides efficient security control over communication between systems, enforces policies over cloud resources, and supports cloud data security solutions (Donovan).
Seamless Cloud Security
Trusted Network Connect (TNC) from the Trusted Computing Group (TCG) began as a technology for checking the integrity of devices at the moment they connect to a network. It was then developed into a seamless model of security in which all aspects of network security are linked through a set of open standards. Traditionally organizations have kept separate security layers for client systems, servers, network security, data and physical security, incident handling and other concerns; this has been the de facto arrangement in most if not all organizations, and the layers have mostly worked in isolation, connected by ad hoc and largely manual mechanisms. The TNC architecture links these independent systems through open standards to create a seamless cloud security platform, which TCG terms pervasive security.
Seamless cloud security integration brings major benefits: rapid identification of network threats, accurate correlation of threats across the network, faster response times and lower latency in countermeasures. It also gives a degree of transparency about the physical location of data in the cloud. The seamless security model as implemented by the Trusted Computing Group is delivered through an open ecosystem, so it adheres to industry standards, allows low-cost solutions, and supports compliance with the performance and security policy objectives relevant to the cloud environment.
Enterprise IT Policy in Cloud
An enterprise-level IT policy for the cloud environment establishes a level of trust between the parties involved. Its objective is incident-free operation with maximum protection of the client’s private and confidential data. Information between parties must be exchanged within a trusted context and within the bounds of a pre-established trust relationship. The policy must be enforced on all parties so that there are no gaps, misunderstandings, or misuse of trust relationships. Policy statements, information sources, enforcement points, decision authorities, policy hierarchies and the obligations of each party must be identified, documented and distributed to the relevant parties (Donovan).
A Trusted Multi-Tenant Infrastructure must have reference models and implementation guides, shared infrastructure, and multi-provider infrastructure. An effective cloud IT policy must identify all assets and provide identity configuration and compliance levels for adhering to the policy. It must involve the providers in the details of the policy specifications that concern them, be enforceable organization-wide, and address risks and identify mitigation patterns. The policy ensures that the relevant audits are performed for all cloud-based environments within the enterprise. Its aim is to maintain a trustworthy cloud ecosystem, enable real-time assessment and compliance, and define and implement best practices, standard patterns, and real-time enforcement of policy (Donovan).
Performance Objectives for Cloud Security
Performance objectives for cloud security are captured in service level agreements (SLAs) that allow cloud services to be used without disputes between vendor and client; the SLAs define the key performance objectives for cloud security and the KPIs (Key Performance Indicators) that measure them. Key objectives include that encryption keys must never leave the device, and that encryption must be built into every device used in the cloud environment, virtual or physical. All storage drives must always be encrypted, and a user must not be able to turn disk encryption off. Even when the drives are running at full capacity, encryption must not affect the performance of data retrieval. The security level of the cloud must scale with the growth of the cloud instance. A secure environment must protect both the identity of data and the integrity of data: identity is protected through authentication and encryption, while integrity is maintained through attestation. Securing the identity and integrity of data are the most important performance considerations for cloud data security services (Architect’s Guide: IoT Security).
Tools for Cloud Security
Cloud security has been the focus of much research, and premier government organizations such as NIST have been working seriously on robust, up-to-date solutions. One of the most basic cloud security tools is the use of certificates to encrypt the transport layer. Early deployments relied on SSL, which has known weaknesses and is now deprecated; its successor, Transport Layer Security (TLS), provides the secure mechanism for transferring data. One powerful TCG tool for cloud security and integrity protection is the Trusted Platform Module (TPM), which combines cryptographic identity management with remote security management features such as attestation. The TPM is defined by open standards and has a variety of implementations from different vendors. Another tool for cloud data security is the self-encrypting drive. The open architecture for network security provides a set of standards for tool development that is completely vendor neutral, provides security through trusted computing, and aligns with the ISA100.15 Backhaul Network Architecture and IETF standards for PKI (Public Key Infrastructure). The Security Content Automation Protocol (SCAP) from NIST is another tool that several vendors use in conjunction with TNC to provide a robust, secure layer of data security and integrity in a cloud environment (Trusted Network Connect).
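The objective stated in the performance section, that data integrity be maintained through attestation, and the TPM’s remote attestation feature named in the previous paragraph come together in how a relying party checks an attestation quote. The Go program below is an added example for this page, not code from the essay or from the Trusted Computing Group, and it models TPM 2.0 attestation in simplified form: the PCR extend rule (SHA-256 of the old value concatenated with the new digest) and the replay-the-log check are the real technique, while the quote encoding, the Ed25519 attestation key, the component names and the event log are constructed stand-ins rather than TPM wire structures. The verifier replays the presented measurement log, checks the signature over its own nonce, and rejects a device that booted a modified kernel but presents the original log.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Event is one measurement-log entry: PCR index and SHA-256 digest of the component.
type Event struct {
	PCR    uint8
	Digest [32]byte
}

// extend applies the TPM 2.0 PCR extend rule: new = SHA-256(old || digest). A PCR
// can only be extended, never written, so its value commits to the ordered history.
func extend(old, digest [32]byte) [32]byte {
	return sha256.Sum256(append(old[:], digest[:]...))
}

// replayLog recomputes every PCR from its all-zero reset value.
func replayLog(log []Event) map[uint8][32]byte {
	pcrs := map[uint8][32]byte{}
	for _, e := range log {
		pcrs[e.PCR] = extend(pcrs[e.PCR], e.Digest)
	}
	return pcrs
}

// quoteDigest binds the verifier's nonce to the selected PCR values. It is the
// message the attestation key signs (a simplified stand-in for TPM2_Quote).
func quoteDigest(nonce []byte, pcrs map[uint8][32]byte, sel []uint8) []byte {
	h := sha256.New()
	h.Write(nonce)
	for _, i := range sel {
		v := pcrs[i]
		h.Write([]byte{i})
		h.Write(v[:])
	}
	return h.Sum(nil)
}

// attest runs on the device; akPriv models an attestation key that never leaves the TPM.
func attest(akPriv ed25519.PrivateKey, nonce []byte, pcrs map[uint8][32]byte, sel []uint8) []byte {
	return ed25519.Sign(akPriv, quoteDigest(nonce, pcrs, sel))
}

// verify runs on the relying party. The signature check also covers freshness, since
// the digest uses the nonce the verifier sent; then the event log is replayed and compared.
func verify(akPub ed25519.PublicKey, nonce []byte, pcrs map[uint8][32]byte, sel []uint8, sig []byte, log []Event) error {
	if !ed25519.Verify(akPub, quoteDigest(nonce, pcrs, sel), sig) {
		return errors.New("quote signature invalid or nonce mismatch")
	}
	replayed := replayLog(log)
	for _, i := range sel {
		if replayed[i] != pcrs[i] {
			return fmt.Errorf("PCR %d disagrees with the presented event log", i)
		}
	}
	return nil
}

// measure hashes a component image; the names below are constructed stand-ins.
func measure(name string) [32]byte { return sha256.Sum256([]byte(name)) }

var goodLog = []Event{
	{PCR: 0, Digest: measure("firmware-v1.2")},
	{PCR: 4, Digest: measure("bootloader-v3")},
	{PCR: 4, Digest: measure("kernel-5.10-signed")},
}

// scenario returns the verdict for an honest device and for one that booted a modified kernel.
func scenario() (honest, tampered error) {
	akPub, akPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err, err
	}
	nonce := make([]byte, 16) // fresh per attestation request, chosen by the verifier
	if _, err := rand.Read(nonce); err != nil {
		return err, err
	}
	sel := []uint8{0, 4}
	pcrs := replayLog(goodLog) // the hardware PCR bank after an honest boot
	honest = verify(akPub, nonce, pcrs, sel, attest(akPriv, nonce, pcrs, sel), goodLog)
	badLog := append([]Event(nil), goodLog...)
	badLog[2].Digest = measure("kernel-5.10-backdoored")
	badPCRs := replayLog(badLog) // the TPM measured what actually ran
	tampered = verify(akPub, nonce, badPCRs, sel, attest(akPriv, nonce, badPCRs, sel), goodLog)
	return honest, tampered
}

func main() {
	honest, tampered := scenario()
	fmt.Println("honest boot:", honest)
	fmt.Println("swapped kernel, original log presented:", tampered)
}
```

The check succeeds for the honest device and fails with a PCR 4 mismatch for the tampered one. Two details matter in practice and are reflected in the code: the nonce is chosen by the verifier so that an old quote cannot be replayed, and the attestation private key is only ever used inside attest, standing in for a key that the TPM never exports.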
Works Cited
Donovan, Michael. Establishing Trust in the Cloud: Trusted Multi-Tenant Infrastructure. 1st ed. Trusted Computing Group, 2014. Web. 22 Apr. 2016.
Lorenzin, Lisa. Security Automation. 1st ed. Trusted Computing Group, 2014. Web. 22 Apr. 2016.
Trusted Network Connect. 1st ed. Trusted Computing Group, 2011. Web. 23 Apr. 2016.
Architect’s Guide: IoT Security. 1st ed. Trusted Computing Group, 2015. Web. 23 Apr. 2016.