• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Virtualization   »   Why Security is Essential for the Success of Cloud Computing

Why Security is Essential for the Success of Cloud Computing

  • Posted on:September 17, 2009
  • Posted in:Virtualization
  • Posted by:Rik Ferguson (VP, Security Research)
0

When your servers are in the cloud, then your own perimeter provides no protection, the security is often “lowest common denominator security” which undermines both confidence and compliance. Co-location of virtual instances and data with that of strangers, competitors and possibly even malicious actors (we have already seen criminal activity being hosted in Amazon’s EC2 cloud for example) brings a host of new challenges. How do you maintain confidence that a dormant virtual machine is free of infection? How do you manage traffic between virtual machines from a security standpoint? How can you deal with emerging threats like malware capable of breaking out of a virtual machine to infect the host OS? What mitigation exists against insider attacks? How do I maintain an effective patching regime in a zero downtime environment?

In order for security to be effective in the cloud it needs to be enforceable, configurable and auditable at virtual machine level, deep packet inspection firewalls and application level intrusion prevention are key technologies here. According to the recently released IBM X-Force Trend report, out of all of the web application vulnerabilities disclosed in 2008, 74% still had no vendor supplied patch available by the end of the year. At the same time SQL injection has become the most common attack vector. SQL injection attacks against cloud-based services open up the possibility of large-scale data compromise, and in extreme cases, even allow for upload of malicious code. Web application firewalls should filter out anomalous traffic before it can impact data or servers.

For those vulnerabilities where a patch is made available, it is often difficult to deploy those patches in a timely manner to cloud-based services where downtime is undesirable. In many cases virtual machines are deployed in environments where patching windows have either been minimised or eliminated, leaving virtual machines vulnerable to attack and compromise from both within and without the host environment. It is essential that the system is able to operate in a non-vulnerable state even where patches have not yet been applied. Host-based intrusion prevention should allow you to achieve this.

Traditional anti-malware solutions for virtual machines prove inadequate on a number of levels; most obviously they can place a heavy load on the host operating system, especially when it is time for a regularly scheduled scan to take place. Typically they are not VI aware so simultaneous full system scans can cause huge performance degradation. In most cases VM security solutions are also unable to scan or update dormant machines, this means that when the machines are brought online, their virus pattern files may well be out of date, and at risk. The disclosure this year of a VMware vulnerability, that allowed malware on a compromised virtual machine to execute code on the host has certainly raised the stakes (and given some malware researchers pause for thought too)!

In the final analysis, security in the cloud is essential simply because the safety of your customers, your employees and your business should not be sacrificed in the name of economy.

Related posts:

  1. Security in the cloud is a shared responsibility
  2. Security, your cloud and data center environment – does it fit like a glove?
  3. Survey: Employee Security Training is Essential to Remote Working Success
  4. Security essential to successful cloud deployments

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.