Read the book Machine Learning Techniques and Analytics for Cloud Security - Group of authors - Page 32

1.6 Security in Hybrid Cloud


A properly designed, managed, and integrated hybrid cloud is considered to be as secure as on-premise infrastructure, but the reality is a bit different. Gartner and WSJ [7] have recently reported that 95% of data breaches in cloud computing occur due to human error. In hybrid cloud, too, human error plays a crucial role: misconfiguration, misunderstanding of system use, and accidental data sharing all result in threats to security. Security is essential in all application areas. In healthcare organizations, for example, patients’ data should be kept hidden; a patient's pathological reports are not expected to be accessed by any unauthenticated person. Similarly, in the financial industry, trust is the most important factor. Customers’ sensitive data is kept there: income-related information, identification information, and tax-related documents. Customers should feel that their data is protected. The same holds in all sectors. With the help of public servers and data centers, the business world is moving toward a new server-free era, but security measures have to be adjusted so that it can reap the ultimate technological and financial benefits. Since hybrid cloud is a “one size fits all” solution for business development, it is advisable to look into the security issues more closely, as threats to sensitive data might cause problems. Here is a list of issues specific to hybrid cloud security [11]:

 Authority: In a hybrid environment, multiple functioning components are scattered across private and public clouds. Multiple services can also be taken from multiple public clouds. So, customers of hybrid cloud should decide the governance rules for components, functions, and data beforehand, for both private and public cloud.

 Portability: Supporting infrastructure must be in place so that applications and data can move between public and private cloud. Data portability causes additional risk in hybrid cloud. Private data can be made secure by applying encryption techniques, but when portability is allowed, the question of who will be responsible for protecting data in transit needs to be addressed.

 Presence of multiple interfaces: Multiple clouds may be present in a network, and each of them is most likely to have its own set of security and privacy policies. This acts as a back door for data breaches in the case of hybrid cloud.

 Lack of separation wall: Cloud customers have seamless access to private and public resources. As a result, intruders sometimes gain indirect entry to the delicate data.

 Security issues handling: Reports of security issues and the subsequent measures need to be shared with customers as well as service providers so that they will be extra cautious on the next access. Sometimes, customers face unacceptable delays due to security issues, so the SLA should state when and how they will be notified.

 Application and data protection: Protections offered by the cloud providers are getting stronger day by day, but they are still not enough. An advanced security information and event management (SIEM) solution needs to be implemented.

 Vendor lock-in: Sometimes, due to lack of scalability or security issues, the cloud needs to be shifted from one vendor to another. If the cost of switching is so high that the customer is forced to stick with the original vendor, it is known as vendor lock-in. Avoiding vendor lock-in needs to be included in the business policy.

 Guard against shadow IT practice: Sometimes, within the organization, some persons or departments use sensitive data without the knowledge of the security group. This is called shadow IT practice, and severe risks are often associated with it.

Although hybrid cloud is considered more secure than public cloud because it provides greater control over the data, data leakage, corruption, improper or unauthorized access, and data deletion can only be handled by secure channels, access control, data validation, and encryption. Security can also be enhanced through vulnerability management [32]. Risk assessment is often done to reduce vulnerability.
