Risks with Cloud Computing and Virtualization – CompTIA Security+ SY0-401: 2.1



Cloud computing is all the rage, isn't it? It's a technology that we've named now; it's things that we're starting to do more of because our bandwidths are getting better, people are creating resources for us in remote locations, and we're able to blend that in with what we do as a normal part of doing business. But there are risks associated with cloud computing, and just like anything else, we have to consider those risks.

One is that the data that we may be putting into the cloud may be available to more people than we want. Sometimes we're dealing with machines and services that are managed by other people. They're managed by third parties, and if you're putting data out there, there is a possibility that someone from those third parties might have access to that data. So if you're dealing with cloud computing and your data is extremely important or extremely sensitive, you may want to consider making sure that you put limits on what people are able to see. Maybe you don't put the data in the cloud, or maybe you encrypt it when you put it in the cloud. There are things you can do to help mitigate and allow that particular risk in your environment.

Another challenge you have from a security perspective is that the actual security access to this data or this information is managed by a third party. If you look at something like Google Mail or Yahoo Mail, you really don't manage the security for that. You trust that Yahoo or Google is going to be able to make sure that your mail is secure and that nobody else gets information that you have inside of your inbox. So that's a bit of a challenge, because now we're putting that trust in a third party, and if you're putting information into the cloud that's being managed by a third party, that's certainly something you should consider.

Another piece that's important with cloud computing is that these servers are somewhere else. You may just be buying a service that happens to be on somebody else's equipment, and in that particular case you may not have a lot of control should a problem occur with that server. If the server goes down, it loses power, a hard drive fails, or perhaps you get locked out of your accounts, you don't really have direct access to be able to resolve that particular issue. Just because it's in the cloud doesn't mean it's always available. These are humans that are managing technical systems, and sometimes what happens out there in the cloud creates downtime and outages for you. You also have to keep that in mind, because there is a risk from your organization not having access to your systems. If that occurs, you need to have an understanding of what that means for the organization.

Another technology that has really come on strong is virtualization: this idea of having one big monster computer, and inside of that device you can build virtual systems. Before, we used to have 20 different servers. Now we've got one big server, and virtually there are 20 little servers sitting inside of it. What's nice about that is we have a lot of control over what we can do with that system. We can allocate more memory, we can give it some more disk space; we're not limited by physical constraints anymore. So there's a lot of good business value associated with virtualization.

But from a security perspective, there is an emerging set of threats coming from somebody taking advantage of that virtualization layer. That's the layer that sits on top of all these virtual systems, and the bad guys know that if they can get access to that virtualization layer, there's a potential then for gaining access to every single virtual system that might be on that physical computer. That's a pretty big concern. You might have some very important information, might have a hundred different virtual systems on a physical device, and gaining access to that virtualization may be putting every single one of those systems at risk. It's something you have to keep track of as a security professional, because those are challenges with virtualization you simply can't ignore.

There is very little control over what happens between virtual systems. They're all inside of one big computer. It's kind of hard to take a firewall and cram it inside of this physical computer and make all of the different systems communicate back and forth through that firewall. There's not a lot of virtual firewall support out there in the world, and the virtual firewall support that exists today is very, very limited in what it's able to do relative to a physical firewall. So that's something also to consider there. You may be doing a lot more software-based firewalls, and they might be on the servers themselves, but it's certainly something to consider when you're moving into a virtual environment.

There are also challenges when you start looking at multiple systems being crammed into one physical device. In a data center, if it was a physical server, you had a lot of control over who accessed that server physically. You were also even able to separate these servers off into completely different areas of the data center, in some cases into separate data centers, and that provided you with some advantages from being able to separate that out in the environment that you had, both from a data perspective and physically. When you stick everything on one system, that separation becomes a little bit harder to manage. And yes, you can manage the separation there. There are things in place that allow you to do that, but you have to make sure they're implemented properly: that different systems are moved onto different VLANs, that physically they can't access each other, and that those things are in place. It's not as easy as looking in a room and knowing everything in this room is separated from everything in the other room. Now you have to make sure in that virtualization layer that things are being managed as separate entities and those two systems are not able to communicate with each other.

From a business management perspective, we also have to be clear about separation of duties. When everything is on one big computer, maybe all of your databases are on separate virtual machines inside this one system, separation of duties becomes a little bit more difficult. How do you separate somebody from managing one big server that happens to contain many, many, many different servers within it? So that's something that just has to be part of your policies. If you're managing a virtual server, maybe you have multiple people that can manage that virtual server. Maybe the administration of that server is split off into other pieces. Maybe there is an overlay on top of every single one of those individual virtual machines for management and security. It's something that you may have to consider implementing into the security policies in your organization.

2 Comments

  1. Jacob Reynolds said:

    good video man

    June 26, 2019
  2. Mehmood Ghaffar Memon said:

    Very nice video highlighting the risks of the technology. Buying TB flash drives could replace the cloud computing technology. Is there any way to avoid these risks?

    June 26, 2019