Cyber security to prevent data loss in the cloud
Trust is at the heart of the functioning of the online economy, as in every other business ecosystems. However, the Internet is concerned with particular risks: its strengths are also its weaknesses. The main factor of its effectiveness lies in the efficiency of the transfer of information between users. However, this ability is often hijacked by malicious parties who focus on data collection without adding value. Cyber criminals, hackers and institutional actors have more opportunities than ever to access information about users available to companies. This access is usually made possible by security vulnerabilities resulting from these companies and designers of infrastructure they use.
These problems are so well known that it is almost unnecessary to mention. For the general public, heartbleed , go to fail and targets are now data loss synonymous and shaken confidence.They concern not only businesses prone to security breaches resulting in the loss of user data but also all the players in the online ecosystem. To protect their own interests, companies, hosting providers, cloud service providers and other organizations involved in the process of online financial transactions should avoid as much data leaks.The National Institute of Technology of the United States, the White House and many companies have worked together to create a set of security standards that provides a series of best practices that enable organizations to avoid embarrassing data leaks and other attacks.
Entitled Framework for Improving Critical Infrastructure Security (Regulation for improving critical infrastructure security), the document is intended to help protect “systems and assets, whether physical or virtual, essential for States STATES, whose unavailability or destruction would have a considerable impact on security, the security of the national economy, public health or national security, or any other aspect related to these areas. “It may seem exaggerated to suggest that e-tailers and Cloud service providers are concerned by this definition of critical infrastructure, but what applies to one applies to the other. Following the large-scale security breaches involving direct contact with corporate customers, security experts said that businesses would the right choice by adopting the proposed measures.The computer systems of companies tend to grow organically over time, becoming a mass of interconnected systems consisting of superimposed layers of infrastructure and software. As long as it works, companies are reluctant to implement systematic analyzes. The role of IT departments is to ensure the proper functioning of systems, not to cause problems by highlighting potential vulnerabilities. Of course, this is not the case in all societies. Some have excellent security practices, but many are those who favor the political and economic benefits in the short term at the expense of good practice. Companies are therefore faced with a major problem.The regulation of critical infrastructure presents a set of suggestions, which are mostly filled with common sense, including three key steps:- Determine whether your organization has a formal safety program and understand your security policy,- Identify what is protected, if security practices can be adapted and repeated and if they meet the needs of your organization activities and missions,- Identify gaps and set a plan for improvement.This may seem obvious, but applying these guidelines or other similar standards approach rather than “if it works, do not touch”, organizations can prevent attacks.Dedicated servers (virtual or not) hosted a fairly represent scalable solution, but have limitations: for example it is inconvenient to have to adapt them to the changing hour traffic volume in time. Moreover, commitments to dedicated hosting servers and VPS (virtual private servers) often form in the long term: customers end up paying resources they sometimes do not need.
With the cloud , this practice is much more profitable: it is possible to deploy a virtually unlimited number of servers on demand. With load balancing, cloud networks can automatically adapt to fluctuations in traffic. Note that the capabilities of cloud IaaS platforms may be restricted or expanded very rapidly, enabling e-merchants to deal with traffic spikes for limited periods while reducing costs.As cloud platforms can be controlled from a software interface, it is possible to design systems that adapt automatically on request. If the load is too large for the existing infrastructure, the system can automatically duplicate nodes.