Almost any organisation or business, independent of its industry and size, utilises one IT Cloud service. Cloud networking adoption is growing continuously and evolving at a rapid rate. It has several advantages such as reduced IT Costs, scalability, business uptime and efficiency.
Following the trend of moving IT infrastructure to the cloud, IT departments no longer have to purchase, deploy and maintain computing hardware and software in-house. Cloud services are also quick and easy to set-up, scaling as the business grows without any involvement from IT department.
So… what is cloud networking?
Cloud networking introduces a new way to deploy and operate distributed access networks. It delivers enterprise-class network management capabilities for wireless networks access points, switches and routers via a cloud infrastructure that requires little or no capital investment in additional hardware and software IT resources.
For example, traditionally hosted solutions requires large amount of space or even transportation of items such as portable servers and etc. With cloud networking, it simplifies every complex tasks to make them extreme simple, enabling organisations to deploy locations in minutes and operate distributed networks via a centralised console. This provides unprecedented levels of control and network visibility.
Cloud services provides simplicity and better network intelligence
So what can businesses expect from cloud migration?
Potential benefits of cloud migration
There are many problems that moving to the cloud can solve. Here are some typical scenarios that will benefit from cloud migration.
- Your application is experiencing increased traffic and it’s becoming difficult to scale resources on the fly to meet the increasing demand.
- You need to reduce operational costs while increasing the effectiveness of IT processes.
- Your clients require fast application implementation and deployment and thus want to focus more on development while reducing infrastructure overhead.
- Your clients want to expand their business geographically, but you suspect that setting up a multi-region infrastructure – with all the associated maintenance, time, human, and error control effort – is going to be a challenge.
- You’d like to build a widely distributed development team. Cloud computing environments allow remotely located employees to access applications and work via the internet.
- You need to establish a disaster recovery system but setting it up for an entire data center could double the cost. It would also require a complex disaster recovery plan. Cloud disaster recovery systems can be implemented much more quickly and give you much better control over your resources.
- Tracking and upgrading underlying server software is a time consuming, yet an essential process that requires periodic and sometimes immediate upgrades. In some cases, a cloud provider will take care of this automatically. Some cloud computing models similarly handle many administrative tasks such as database backup, software upgrades, and periodic maintenance.
- It’s becoming more difficult and expensive to keep up with your growing storage needs.
Potential Risks
There are some general drawbacks associated with cloud migrations that you will want to consider.
- If your application stores and retrieves very sensitive data, you might not be able to maintain it in the cloud. Similarly, compliance requirements could also limit your choices.
- If your existing setup is meeting your needs, doesn’t demand much maintenance, scaling, and availability, and your customers are all happy, why mess with it?
- If some of the technology you currently rely on is proprietary, you may not be legally able to deploy it to the cloud.
- Some operations might suffer from added latency when using cloud applications over the internet.
- If your hardware is controlled by someone else, you might lose some transparency and control when debugging performance issues.
- Noisy “neighbors” can occasionally make themselves “heard” through shared resources.
- Your particular application design and architecture might not completely follow distributed cloud architectures, and therefore may require some amount of modification before moving them to the cloud.
- Cloud platform or vendor lock-in: Once in, it might be difficult to leave or move between platforms.
- Downtime. It happens to everyone, but you might not want to feel like your availability is controlled by someone else.
Types of Cloud Models
Infrastructure as a Service — AWS, Google Cloud Platform, etc
IaaS is highly recommended for companies that are looking for third-party data centers to host their applications. They tend to prefer to outsource the care of their physical infrastructure to concentrate more completely on developing, deployment, and monitoring.
Platform as a Service — Google App Engine, Heroku, etc
Adopting a PaaS solution will also reduce your ready to market timings – since PaaS will be preloaded with most of the runtime required software – you only need to deploy the upper most layer of your application, in some cases just the application binaries.
Software as a Service — Google G Suite, Office 365, etc
SaaS is a delivery model through which centrally hosted productivity software is licensed on a subscription basis.
Cloud Security
Since we have discussed about cloud computing being an emerging trend that delivers computing services such as online business applications, online data storage, and webmail over the Internet. Cloud implementation enables a distributed workforce, reduces organization expenses, and provides data security, and so on. As many enterprises are adopting the cloud, attackers make cloud as their target of an exploit to gain unauthorized access to the valuable data stored in it.
Robust cloud technologies offers different types of services to end users. However, many people are concerned about cloud security risks and threats. Attackers may take any form of vulnerability in a cloud as an advantage to compromise data security, gain illegal access of the network, and etc.
There are various risks and threats associated with cloud service adoption and migrating business-critical data to third-party systems. However, following security guidelines and countermeasures strengthens the business case for cloud adoption
Types of Cloud Computing Threats
Data Breach — Loss of Data, Encryption keys stolen/lost, illegal access to the data causes failure to comply with authentication and authorization policies. May lead to events such as the wrong parties misusing the data.
Abuse and Exploit the use of Cloud Services — Normally attackers create anonymous access to cloud services and perpetrate various attacks such as: password and encryption key cracking, hosting exploits on cloud platforms, malicious data and DDoS attacks.
There are many more threats such as insecure interfaces and APIs on clouds, shared technology issues and etc. You may choose to read more at : https://www.recordedfuture.com/cloud-computing-benefits-threats/
Diving into Cloud Security
There are 7 control layers in cloud security.
1 -> Application Layer — ADLC, Binary Analysis, Scanners, Web Application Firewalls. A good example is that we can implement OWASP for web applications allowing it to meet and comply with appropriate regulations and requirements
2 -> Information Layer — DLP, CMF, Database Activity Monitoring, Encryption. This is to develop and document a information security management program which includes approaches to protect information against unauthorized access, modification or deletion.
3 -> Management Layer — GRC, IAM, VA/VM, Patch Management, Configuration Management and Monitoring. This layer is to cover and maintain the cloud security administrative tasks, which can facilitate uninterrupted and effective services from the cloud.
4 -> Network Layer — Firewalls, Anti-DDoS, QoS and OAuth. This layer is to monitor and prevent illegal access, misuse, modification, or denial of network-accessible resources.
5 -> Trusted computing Layer — Hardware and Software RoTs and APIs. Securing a computational environment that implements internal control, audits and maintenance to ensure availability and integrity of cloud operations
6 -> Computer and Storage Layer — Host-based Firewalls, HIDS/HIPS, Integrity & File/Log Management, Encryption, Masking. Since cloud lack physical control of data and machines, they must establish policies and procedures for data storage and retention to ensure availability and continuity of services that meet with statutory, regulatory requirements and compliance.
7 -> Physical Layer — Physical Plant Security, CCTV, Guards. This layer is normally implemented at physical plant security. This are measures for physical access to the cloud infrastructure, data centers and other physical resources.
Other factors to consider
Cloud service providers should provide higher multi-tenancy which enables optimum utilization of the cloud resources and to secure data and applications.
Cloud services should implement a disaster recovery plan for the stored data which allows information retrieval in unfortunate incidents
Continuous monitoring and delivery of Quality of Service is required to maintain the service level agreements between providers and end-users
Load balancing should be incorporated into the cloud services to facilitate networks and resources to improve the response time of the job with maximum throughput
Cloud Penetration Testing
Similar to other penetration testing methods, the goal is to prevent unauthorized access, data breaches, data loss and unwanted costs to be incurred to the organisation.
However, there are considerations for the penetration test specifically tailored to the Cloud
1> We first need to determine what type of cloud; PaaS, IaaS or Saas.
2> Obtaining written consents for performing the penetration tests. This is requirement for all ethical hacking.
3> Ensure every aspect of the infrastructure are included in the scope of testing and generated reports.
4> Determine how often and what kind of testing is permitted by the Cloud Service Provider.
5> Prepare legal and contractual documents
6> Perform both internal and external penetration testing of the cloud
7> Perform penetration tests on the web application and services in the cloud.
8> Perform vulnerability scans on host available in the cloud
9> Determine how to coordinate with the Cloud Service Provider for scheduling and performing the test
Summary
In summary, the cloud is a double-edge sword technology. It does improve the pacing of our lives, better delivery of IT services. Cloud services are broken down into three categories, IaaS, PaaS and SaaS. Attackers can exploit the cloud for their attacks which causes difficulty in tracing their attacks. Hence, it can pose benefits for both cybercriminals and business owners. Cloud penetration testing services can be performed to reduce the risks of having an organisation’s cloud compromised.
I have always mentioned about the existence of “impregnable” defenses. However, taking precautionary measures are a form of prevention and reducing risks. Hence, if you wish to seek third-party help, Quadrant360 offers specialised Wireless Networks penetration Testing and Consulting services, so do contact us at +65-31383788 or click here to email us at enquiry@quadrant360.com for more information