Cloud computing has most certainly been an important driver for the next generation of the internet. This key technology has facilitated both online cloud storage and even more recently online services, enabling Software as a Service (SaaS) applications available by subscription.
While cloud computing has been a great enabler for these services, it also has presented new challenges in keeping a network secure. Long gone are the days when a company’s IT department could set up computers, and then control the entire flow of traffic - both inbound and outbound alike - via its arranged network with strategically placed firewalls, hubs and antivirus software protecting the clients.
Rather, with cloud computing, virtual resources are provided over the internet, including data, applications and infrastructure. This creates the potential for sensitive data to be exposed as it is transmitted from the client to the cloud server and back.
Modern network vulnerabilities
A common vulnerability for cloud computing is known as session hijacking. In this type of attack, the hacker exploits a valid computer session to gain access to the resources of the cloud service provider.
Here, the cookie that the client uses to authenticate the valid session is stolen and reused by the attacker. In one variation of the attack, the hacker intercepts the traffic between the client and the server with a ‘sniffing program’ that can grab the cookie (and whatever other data) in what is dubbed a ‘man-in-the-middle attack’.
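On the defensive side, a session cookie that is only ever sent over encrypted connections cannot be read from sniffed plaintext traffic. The following check is an added example, not part of the original article: it audits Set-Cookie response headers for the Secure and HttpOnly attributes. The sample headers are constructed, and the rule that names containing "session", "auth", "token" or "sid" mark authentication cookies is an assumption.

```python
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie header values (not captured from a real service).
SAMPLE_SET_COOKIE = [
    "session_id=abc123; Path=/; HttpOnly",
    "auth_token=def456; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
]

# Assumption: cookies whose names contain these substrings carry login state.
SESSION_HINTS = ("session", "auth", "token", "sid")

# Attribute -> why its absence matters for cookie theft.
REQUIRED = {
    "Secure": "sent over plaintext HTTP, so a sniffer on the path can read it",
    "HttpOnly": "readable by scripts running in the page",
}


def audit_headers(set_cookie_values):
    """Map each authentication cookie to the protective attributes it lacks."""
    report = {}
    for value in set_cookie_values:
        jar = SimpleCookie()
        jar.load(value)  # parses name=value plus attributes such as Secure
        for name, morsel in jar.items():
            if not any(hint in name.lower() for hint in SESSION_HINTS):
                continue  # not an authentication cookie under the naming assumption
            missing = [attr for attr in REQUIRED if not morsel[attr.lower()]]
            if missing:
                report[name] = missing
    return report


if __name__ == "__main__":
    for cookie, missing in audit_headers(SAMPLE_SET_COOKIE).items():
        for attr in missing:
            print(f"{cookie}: missing {attr} ({REQUIRED[attr]})")
```
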
Security strategies and solutions
Several strategies have been developed to ensure security between clients and the cloud server. They need to be tailored to the specific type of cloud security platform that is vulnerable.
The base for cloud architecture is known as Infrastructure as a Service (IaaS). To protect IaaS, there needs to be network segmentation, and monitoring of the network should include Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). There should also be virtual web application firewalls placed in front of the website for malware protection. Virtual routers and virtual network-based firewalls along the edge of the cloud network provide perimeter protection.
The next cloud solution is Platform as a Service, or PaaS. In this architecture the service provider supplies the platform on which the client builds applications, while the host company, i.e. the cloud provider, builds and services the infrastructure. Security for this type of cloud service can be provided via IP restrictions and logging. In addition, there should be API gateways deployed, and a Cloud Access Security Broker (CASB) which controls the policies.
With a SaaS, both the software, and the data are hosted in the cloud, with the service available to each user via a browser. The security for such a configuration is often provided via the Cloud Service Provider (CSP), which is typically negotiated into the service contract. Additionally, a SaaS will incorporate the same suite of security measures as in a PaaS.
A final security measure to implement is a cloudVPN, also known as a VPN as a Service, or aptly designated as a VPNaaS. This cloudVPN is designed to give users the ability to access the cloud server’s applications through a browser securely by encrypting the communications.