Over the last year I have been working on a project for where I work to see just what the threat level was for systems in the “cloud”. Over the last year we have found out some interesting things about cloud services and information security, which mostly boil down to common sense. Many of the steps we currently take in our computing environments apply to our cloud computing environments.
Below is a “Prezi” presentation that I will be giving to the local ISSA on what we found in cloud space that you are all welcome to see.
The biggest lessons learned are to ensure:
1. That your applications are properly patched and updated – while not all applications patch on a regular basis – be prepared to turn off files (our worst hacking event was caused by one bad file in a Learning Management System.
2. That you do monitor your systems for hacking activity but you have to use client based software – it is very difficult to use network based sniffers in the cloud and you still won’t see everything because of the way that the Hypervisor works. When working with client end software – it is often hard to determine intent unless actually attacked.
3. That the cloud is no different from a security viewpoint in terms of risk than any other system that you would have public on the internet. What works in large corporate data centers works equally as well in cloud space as long as the monitoring, patching, an updating systems are client based.
This is only my record of a year’s worth of attack information that varied little from all our other internet connected systems. The usual disclaimers apply – your track record might be different. It will be interesting to see what additional data will be gathered over the next year in conjunction with this data.