The commoditization of technology has reached its pinnacle with the advent of the recent paradigm of Cloud Computing. Infosys Cloud Computing blog is a platform to exchange thoughts, ideas and opinions with Infosys experts on Cloud Computing


Security Issues with the Cloud

Despite all the hype surrounding the cloud, enterprise customers are still reluctant to get their hands wet. The reason… security. Industry verticals like banking and capital markets, defense and other high-risk projects give far more weightage to security and fail safety than to a marginal reduction in capital expenditure. Undiscovered security holes, which have lain hidden in the OS for decades, may cause much greater damage when the whole system is exposed to the brute-force hacking power of the public internet.

A recently published security hole in Microsoft Windows allows users with restricted access to escalate their privileges to system level. The most disturbing part of this exposé is that the hole lay hidden in the OS from the 32-bit versions of Windows NT 3.1 up to and including Windows 7. That’s a hole that lay undetected for 17 years!

And it’s not only Microsoft that’s facing the music. High-risk, kernel-level security flaws continue to be reported in RHEL, SUSE and Debian. The philosophies the two sides follow when confronted with a security flaw are quite different, and must also be considered when deciding on an environment prone to attacks.

Microsoft follows the traditional approach: security through obscurity. The belief here is that if inherent flaws, both theoretical and actual, are not disclosed to the public, the chances of finding and exploiting them are drastically reduced. Debian follows a much more radical and much-debated philosophy: full disclosure. The logic here is that even though blackhats (hackers who break into networks or computers) may misuse this disclosure, whitehats (ethical hackers or penetration testers who focus on securing and protecting IT systems) will be able to obtain more information and generate patches quickly.

But at the end of the day, whatever the excuses, high-risk enterprises will always value security over marginal cost benefits. A thorough understanding of the underlying technologies, adequate security audits and risk analysis need to be done before suggesting cloud-based solutions to enterprises.

An excellent article on Linux vs. Windows Security can be found here.


Comments

Here the access permissions are not only by providing passwords. This security can be provided by pinging the cloud at successive intervals such that the counter attack should be run automatically such that it should mislead that process. When there is max monitoring such attacks can be defended. I think for any innovation there will be a way to destroy it. And for any security attack there will be a counter attack.
