Читать книгу Machine Learning Techniques and Analytics for Cloud Security - Группа авторов - Страница 34

When any organization is planning to deploy hybrid cloud, some box of tricks needs to apply to reduce the security threats. Though cloud vendors generally provide security measures but still they see the task as shared responsibility, also in case of multi-tenant cloud security algorithms are not same for all vendors. So, planning and standardization of all activities can handle security challenges to a great extent. Some best ever practices are as follows:

 Encrypt all data: Best possible means to secure data is to do the encryption. Encrypt all data irrespective of their location. In hybrid cloud, data often move between two or more clouds and in transit data is vulnerable. Encrypted data is less likely to be compromised. Selective encryption can be more vulnerable as it is easy to identify which is encrypted and which is not. Target selection becomes easier in this case and data becomes more susceptible to threats.

 Strengthen authentication and authorization process: Access to data should only be provided to authenticated user. Unnecessary and unauthorized access has to be prevented. In hybrid cloud, different applications run on different cloud, so access rights of different customer will not be same.

 Customer awareness: One of the most important part in security as it can reduce human error to some extent. Customers should follow common guidelines for accessing data and services. They should be aware of the security threats and will take measures accordingly. They should use strong passwords and prevent access to sensitive data by any unauthenticated application.

 Application of standardized process: Uniform standards have to be maintained; it should not be like any one can use anything. Network configuration, password structure, firewall setup, auditing and monitoring, and database maintenance everything need to be regulated. Regular updation of OS and applications is essential.

 Strong disaster recovery plan: Though event of system or application failure in hybrid cloud is much less than other cloud, but still it can happen. Disaster recovery plans should take action in those scenarios. Regular backup and configuration of failover system should be a part of disaster recovery plan.

 Employ right security personnel: Infra and network administrators have the most vital role to play in hybrid cloud computing. Employment of correct personnel with adequate knowledge and experience can apprehend potential threats beforehand and therefore can accommodate the system accordingly.

 Endpoint security: Hybrid cloud has more endpoints than on-premise system. Each open endpoint is also entrance for potential attackers. Strict security measures should be application for all inbound data.

 Multi-faced approach: It basically deals with both internal and external vulnerabilities. Protecting our network from external threats is not enough here, we need to concentrate on the internal threats also as the frequency of internal threats is higher than external and also it has bigger effect onto the organization.

 Pervasive encryption: It is a consumable approach for in flight and in rest data encryption. Huge amount of data can be encrypted easily and in cost-effective way. IBM Z15 is a platform which provides pervasive encryption in digital enterprise [26].