1
00:00:00,690 --> 00:00:02,750
Once we begin to rely on virtualization

2
00:00:02,750 --> 00:00:04,650
and cloud computing for our deployments,

3
00:00:04,650 --> 00:00:06,530
it becomes very important to recognize

4
00:00:06,530 --> 00:00:07,990
that our data might be hosted

5
00:00:07,990 --> 00:00:09,490
on the same physical server

6
00:00:09,490 --> 00:00:11,640
as another organization's data.

7
00:00:11,640 --> 00:00:14,080
By doing so, we introduce some vulnerabilities

8
00:00:14,080 --> 00:00:16,290
into the security of our systems.

9
00:00:16,290 --> 00:00:18,480
First, if the physical server crashes

10
00:00:18,480 --> 00:00:20,690
due to something one organization does,

11
00:00:20,690 --> 00:00:23,080
it can affect all of the organizations hosted

12
00:00:23,080 --> 00:00:25,080
on that same physical server.

13
00:00:25,080 --> 00:00:27,520
Similarly, if one organization has not maintained

14
00:00:27,520 --> 00:00:29,110
the security of their virtual environments

15
00:00:29,110 --> 00:00:30,660
being hosted on that server,

16
00:00:30,660 --> 00:00:33,171
there is a possibility that an attacker could utilize that

17
00:00:33,171 --> 00:00:35,570
to the detriment of all organizations

18
00:00:35,570 --> 00:00:38,440
based on that same server being hosted.

19
00:00:38,440 --> 00:00:40,100
Just as there are concerns when you conduct

20
00:00:40,100 --> 00:00:42,670
the interconnection of your networks with somebody else's,

21
00:00:42,670 --> 00:00:45,680
there are concerns with hosting multiple organizations' data

22
00:00:45,680 --> 00:00:47,240
on the same physical server

23
00:00:47,240 --> 00:00:49,420
that's being run by a given cloud provider.

24
00:00:49,420 --> 00:00:52,180
It's important for us to properly configure, manage,

25
00:00:52,180 --> 00:00:56,150
and audit user access to the virtual servers being hosted.

26
00:00:56,150 --> 00:00:58,540
Also, you should ensure that your cloud-based servers

27
00:00:58,540 --> 00:01:01,610
have the latest patches, antivirus, anti-malware,

28
00:01:01,610 --> 00:01:03,180
and access control in place

29
00:01:03,180 --> 00:01:04,780
if you're going to be using infrastructure

30
00:01:04,780 --> 00:01:07,020
as a service as your model.

31
00:01:07,020 --> 00:01:08,730
To minimize the risk of having a single

32
00:01:08,730 --> 00:01:11,350
physical server's resources being overwhelmed,

33
00:01:11,350 --> 00:01:13,470
it's a good idea to set up your virtual servers

34
00:01:13,470 --> 00:01:16,130
in the cloud with proper failover, redundancy,

35
00:01:16,130 --> 00:01:17,810
and elasticity.

36
00:01:17,810 --> 00:01:19,450
By monitoring the network's performance

37
00:01:19,450 --> 00:01:21,270
and the physical server's resources,

38
00:01:21,270 --> 00:01:22,835
you should be able to balance the load across

39
00:01:22,835 --> 00:01:24,740
several physical machines

40
00:01:24,740 --> 00:01:26,930
instead of relying on a single one.

41
00:01:26,930 --> 00:01:29,950
After all, elasticity is one of the main benefits

42
00:01:29,950 --> 00:01:32,800
of migrating to the cloud, in the first place.

43
00:01:32,800 --> 00:01:34,390
Most of cloud security relies

44
00:01:34,390 --> 00:01:35,950
on the same security practices

45
00:01:35,950 --> 00:01:37,780
that you would perform for other servers,

46
00:01:37,780 --> 00:01:40,060
such as ensuring complex passwords are used,

47
00:01:40,060 --> 00:01:42,210
strong authentication mechanisms are in place,

48
00:01:42,210 --> 00:01:43,870
and strong encryption being used

49
00:01:43,870 --> 00:01:47,780
to protect your data at rest, in transit, or in process.

50
00:01:47,780 --> 00:01:50,540
Also, your cloud environment should have strong policies

51
00:01:50,540 --> 00:01:53,830
in place to ensure that it's clear what things a user may do

52
00:01:53,830 --> 00:01:56,630
and may not do with that cloud service.

53
00:01:56,630 --> 00:01:58,230
Finally, remember that the data

54
00:01:58,230 --> 00:01:59,230
that you're hosting in the cloud

55
00:01:59,230 --> 00:02:01,550
is on somebody else's physical server.

56
00:02:01,550 --> 00:02:03,330
If you're using a public cloud model,

57
00:02:03,330 --> 00:02:05,410
you need to be concerned about data remnants

58
00:02:05,410 --> 00:02:06,710
that could be left behind

59
00:02:06,710 --> 00:02:08,520
when a cloud server is deprovisioned

60
00:02:08,520 --> 00:02:10,900
after demand for the service is reduced.

61
00:02:10,900 --> 00:02:12,320
This could lead to a vulnerability

62
00:02:12,320 --> 00:02:13,420
where your data is available

63
00:02:13,420 --> 00:02:16,680
to other organizations using that same server.

64
00:02:16,680 --> 00:02:19,130
To prevent this, data should always be encrypted

65
00:02:19,130 --> 00:02:20,600
when placed in the cloud server,

66
00:02:20,600 --> 00:02:22,670
including the virtual hard disk files

67
00:02:22,670 --> 00:02:25,070
for those virtual servers that are being hosted.