Secure your data with NexStep Cloud Computing

Posted on: September 28th, 2015 by nexstepaz No Comments

With the introduction of new technologies like social networking, security has consistently become one of the top concerns for many organizations; and rightly so.  The security concern with virtual machines within a cloud computing environment is not because these machines are less secure, but rather, they require more complex management tools and provisioning.  What are some of these security concerns?

Compromised Hypervisor

One of the most common virtual security concerns is the possibility of the virtual machine hypervisor to be compromised or exploited.  In a cloud computing infrastructure, this would have huge and devastating consequences unless immediately addressed.  This is because of the shared resources that exist within the cloud computing environment.  In order to address this concern, there is a need to isolate the network and increase security monitoring detection.

Compared to traditional operating systems, hypervisors serve a specific purpose with a pre-determined set of functionality.  This means that it is comparatively less exposed with few to no network ports that can be accessed externally.  The operating system being run by the guest that may have vulnerabilities cannot directly access the hypervisor.

The only access is to and from the dedicated hypervisor management interface.  Although security concerns of a compromised hypervisor are legitimate because of the probability of all guests being compromised, the likelihood is extremely low with no documented attacks existing to date.

Controlling Storage Resources

Virtual machines go through a process of allocation and de-allocation of resources, more particularly local storage units.  Security exposure exists when the data written to the physical memory is not cleared prior to reallocation.  It is important to note that operating system have different ways of clearing managed data, which means clearing can happen during the resource release or at allocation.

Is there a way to overcome this security concern?  Within a public cloud environment, the best way to do so is to control how storage and memory are used.  Manually clear the data while making sure that the released resources were properly cleared.  Keeping with best security practices is always a good way to overcome these concerns.

Undetected Network Attacks

There is a possibility for network attacks between collocated machines on a physical server to go undetected.  There is no way to confirm this traffic without monitoring what goes through every virtual machine.  To arrest this concern, there are certain methods that can be done such as:

  • Invoking operating system based traffic filtering;
  • Isolation of different classes of virtual machines using segregation; and
  • Using a virtual local area network (VLAN) for isolation of any traffic between virtual machines by extending support outside the core switching infrastructure to the physical server host of the virtual machine.

These solutions to undetected network attacks however can have a downside in terms of applying service costs to tenants.  This is primarily because the unused as well as incompatible server fragments cannot be sold to other clients.  There is a need to implement standardized support for larger clouds to implement multi-vendor solutions and tie them into the hypervisors and network management.

Security Certification

This security concern has to do more with the technology vendors rather than the virtual machine technology itself.  It is important to recognize this threat because obviously not all vendors have the same skills, trainings, and capabilities.

This is where verification of individual vendor security evaluations as well as certifications must be established.  Technology vendors that have been granted security certifications by independent and recognized organizations more or less have satisfied industry requirements on the secure deployment of virtual machines in a cloud computing environment.

It cannot be argued that lawyers are duty-bound to ensure the confidentiality of every client transaction.  Exposing these through cloud computing exploits and vulnerabilities should definitely be a cause for concern.

The important thing to remember when it comes to virtual security concerns is that effective management of these risks can be done through better planning and management.

Contact NexStep for your utmost security and peace of mind and find out how their highly secure virtual private network can solve your cloud computing security concerns.

GIVE US A CALL

Leave a Reply