Cloud computing is the practice of using or renting a remote server, hosted over the internet, to store your data instead of a local server or a physical machine. Public clouds differ only in that they are public, which makes them accessible to any user with an internet connection.
When it comes to the security of a public cloud, recent research has found that the associated security risks are high precisely because a public cloud can be accessed by anyone. A user may believe they have uploaded data safely onto the public cloud while that data is still exposed to other users.
What is more striking is that cloud service providers (CSPs) are fully aware of the risks associated with public clouds, yet insist that the security risk is shared by every participant.
In order to understand how to mitigate the security risks of the public cloud, we must first understand how these threats arise. Some of the threats are:
- Denial-of-Service (DoS) attacks, which aim to halt the services the cloud provides to its users
- Data theft, meaning data stolen through any kind of security breach
- Hijacking, the use of your own cloud account or server to attack a third party
To mitigate these attacks and strengthen security against malware, the user can rely on the following tools:
- Firewalls
- Virtual Private Clouds (VPCs)
- Organized identity-based access
Firewalls
A firewall filters data traffic by granting or denying access to certain data flows according to rules configured inside the firewall. Because a host firewall runs as software inside the OS, and the OS image is supplied by the public cloud, most cloud providers do not expose this firewall functionality to the user. Hypervisor-based firewalls (firewalls enforced at the virtual machine boundary, before traffic reaches the guest OS), on the other hand, can give the user control over the rules through a GUI (Graphical User Interface).
Examples of hypervisor-based firewalls are those offered by Amazon Web Services (AWS) and Google Compute Engine firewall rules applied through instance tags (GCE tags). A drawback of firewalls is that they do not protect against IP theft and they do not identify the user behind an IP data flow.
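To make the rule-based filtering concrete, here is an added example (not code from the original post or from any provider) of a minimal flow filter with first-match semantics and a default-deny fallback. The rule set and sample flows are constructed, and the last check illustrates the drawback just mentioned: a flow whose source address falls inside a trusted range is allowed regardless of who is actually behind that address.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR notation
    dst_port: Optional[int]  # None matches any destination port
    proto: str = "tcp"

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    proto: str = "tcp"

def matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches when protocol, source network and port all agree."""
    if rule.proto != flow.proto:
        return False
    if ipaddress.ip_address(flow.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    return rule.dst_port is None or rule.dst_port == flow.dst_port

def evaluate(rules: List[Rule], flow: Flow) -> str:
    """First matching rule wins; a flow matching no rule is denied."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action
    return "deny"

# Constructed rule set for a web server: SSH only from an office range
# (203.0.113.0/24 is a documentation prefix), HTTPS from anywhere, and an
# explicit catch-all deny that mirrors the implicit default.
RULES = [
    Rule("allow", "203.0.113.0/24", 22),
    Rule("allow", "0.0.0.0/0", 443),
    Rule("deny", "0.0.0.0/0", None),
]

def identity_blind_ssh() -> str:
    # Constructed flow: any host holding an address in the office range is
    # allowed through. The firewall sees only the IP, never the person, which
    # is why the post recommends identity-based access on top of it.
    return evaluate(RULES, Flow("203.0.113.99", 22))
```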
Virtual Private Clouds
VPCs are similar to public clouds, with the difference that they are logically separated from the rest of the cloud, which makes them usable as private environments. This separation is easily deployed by allocating a dedicated VLAN to the user of the private cloud, which automatically blocks other users from reaching the server.
The user also needs to supply a private IP address in order to use the virtual machine inside the private cloud. Providers of VPCs include Amazon VPC, Rackspace Cloud Networks, and Google Compute Engine. A drawback of VPCs is that they only secure access from the VPC to the outside, not the other direction.
Organized Identity-Based Access
This tool is simply an authentication step that asks the user for a username and password and grants access only after successful authentication. The best way to apply identity-based access is through a VPN gateway.
The VPN acts as a fortified tunnel that gives the private user direct access to and from the private virtual cloud. It also helps to avoid tracking, which defends the user against IP theft as well as the problem of tying identity to an IP address. Unfortunately, none of the cloud providers give access to VPNs by default; it is a paid service. For further information on VPN topics, see https://cybersecurityfox.com/tag/vpn/.
Having gone through three ways to mitigate the security risks of the public cloud, the user should keep in mind that popular cyber security tools alone are not the answer to reducing and mitigating cloud-based risks. The best defense against any attack is to analyze the risks first and then apply the necessary countermeasures.