Examining Dangers of the Public Cloud

Much has been written on the great debate concerning servers hosted in the public cloud versus colocation versus rented dedicated servers.

With data center colocation services, organizations can know every detail concerning all physical and virtual machines hosted on their network.

The same cannot be said for public cloud, which utilizes whatever infrastructure is available when you spin up a server. You might be wondering: What are some of the other common fears of using public cloud infrastructure for your next project?

Public Cloud Deployments Require Stringent Security Measures

There’s no doubt that the big selling point of cloud is its ease of use. That can be a detriment for some organizations, given that many businesses will set up applications and keep the out-of-the-box settings. Default settings can have serious ramifications, allowing even novice hackers to gain access to your systems.

This was evidenced in 2013 when BusinessWeek reported on a hacking competition in which virtual servers were deployed on Amazon Web Services with all of the default settings. A novice computer security student named Gus Gray was able to gain administrator access to the VM that was configured with default settings.

Gray went on to win $5,000 from CloudPassage for discovering this exploit, which took him all of 4 hours to find. The aspiring computer security engineer said that he would use the money to fund his education.

Cloud Security: Fear of the Unknown

Cloud is such a new technology that many organizations are unaware of the security concerns associated with using public cloud. Before diving into public cloud, physical, virtual and environmental security audits must be conducted in order to meet compliance standards within specific industries.

Although rigorous security measures must be in place, businesses still have to fear the unknown. One of the biggest fears for public cloud is an attack that allows a hacker to execute code that impacts other virtual machines hosted on the same hypervisor.

Evidence of such an attack occurring has never been documented. However, it is imperative to note that this is one of the biggest fears of security analysts who are skeptical of public cloud security.

Evaluating Your Risk with Public Cloud

While public cloud may seem like an attractive option from a cost perspective, there could be hidden costs down the road in terms of securing your cloud.

Dedicated servers can be considered more secure in many regards, considering the fact that your organization can either lease an entire server or colocate in a data center near your office and have physical access to the servers if needed.

Cloud vs. Colocation: What is Right for You?

When you are asked to make the decision between cloud or colocated infrastructure, how will you know that you are making the right decision for your business?

The answer truly depends upon the type of infrastructure that you are operating and how important security is for your IT operations. Cloud provides the dynamic scalability of only paying for the resources you need at any given moment but also exposes you to the potential of dirty neighbors that can cause major security concerns.

When You Need Colocation

Your organization may have a requirement that your colocation infrastructure always be available. If your business already owns its servers, why not move those workloads to a colocated data center? If you have servers that must be available 24/7 and you already own the hardware, colocating your servers is probably a cost-effective solution for your business. Colocation will always be more secure because your workloads exist on servers that are owned and operated by you, and your files and data are not living in a shared environment.

When Cloud Makes Sense

As described above, cloud allows you to buy infrastructure when you need it. By paying for infrastructure only when it is necessary to have it, your organization can save money. Think about your utility service that only bills you for the electricity that you use. That’s the same fashion in which cloud hosting will invoice your business.

Which is Right for You?

It really depends on the immediate needs of your organization. Some services may be better suited for data center colocation. Other workloads that are not mission critical may be better suited for a cloud hosted solution.

One added benefit for cloud hosted workloads is that IaaS providers will typically provide you with the ability to back up your data across different data center sites. This can be imperative: if one of the data centers you are using encounters an outage, you can easily spin up your virtual machines in another data center.

Making the Right Decision

It is always important to make the right decision concerning your colocation and cloud workloads. Some organizations aren’t comfortable using cloud systems to run their production workloads.

Many of these concerns stem from a hypothetical hypervisor breakout attack. Although this attack is feared by many cloud architects, there has not been a single confirmed case of this actually happening.

The biggest fear for those wanting to move to cloud is the unknown. That’s not to discount cloud services, but given the relatively rough ride certain large clouds have experienced recently (EC2, Rackspace, etc.), one has to be cautious when using the cloud for mission critical applications or secure data storage. The secure, private nature of colocation simply cannot be matched by a public, shared cloud.

PCI Compliance: What Is It and How Can You Prepare your Servers?

If your business is somehow related to the payment card industry, you’ve probably heard about the new PCI requirements which heavily focus on compliance for merchants that use deprecated security protocols.

TLS, which stands for Transport Layer Security, is the payment card industry’s required method of creating secure connections. Older security protocols such as SSL 2.0 and SSL 3.0 have been compromised in various fashions, which has prompted the industry to utilize stronger encryption techniques. What does this mean for your servers?

Many organizations that use the Windows Server OS to deliver web applications that allow users to make payments on accounts must tightly secure the protocols on their production servers in order to meet PCI-DSS compliance standards.

Preparing Windows Servers

In order to secure web applications running on IIS, many businesses have implemented a free tool called IIS Crypto to remove insecure ciphers from the registry of the server. One of the downsides of this configuration is that protocols such as Remote Desktop may be impacted.

You will want to make the necessary registry changes in order to continue using RDP on your servers. If you are comfortable managing your servers using remote PowerShell, the lack of RDP functionality may not be a big deal to your team.
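The settings that IIS Crypto edits live under the SCHANNEL registry key, so they can be checked before and after a change. The following is an added example, not code from the original article or from IIS Crypto: a read-only PowerShell audit of the server-side protocol entries. The function name is hypothetical, and the TLS 1.0 to 1.2 rows are included for context beyond the SSL versions the article names.

```powershell
# Added example: read-only audit of SCHANNEL server-side protocol settings.
# Run in an elevated PowerShell session on the Windows server; it changes nothing.
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$legacy = @('SSL 2.0', 'SSL 3.0')   # protocols the article names as compromised
$all    = $legacy + @('TLS 1.0', 'TLS 1.1', 'TLS 1.2')

# Hypothetical helper name, chosen for this example.
function Get-SchannelProtocolState {
    param([string[]]$Protocol = $all)

    foreach ($name in $Protocol) {
        $key   = Join-Path $base "$name\Server"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        if ($null -eq $props -or $null -eq $props.Enabled) {
            # No explicit value: the Windows version's built-in default applies.
            $state = 'OS default (no explicit setting)'
        } elseif ($props.Enabled -eq 0) {
            $state = 'Disabled'
        } else {
            # Any non-zero DWORD (1 or 0xffffffff) means enabled.
            $state = 'Enabled'
        }

        $isLegacy = $legacy -contains $name
        [pscustomobject]@{
            Protocol    = $name
            State       = $state
            Legacy      = $isLegacy
            # Flag legacy protocols that are not explicitly switched off.
            NeedsReview = $isLegacy -and ($state -ne 'Disabled')
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
```

A row with `NeedsReview` set to `True` means the registry does not explicitly disable that protocol, so whether it is offered depends on the Windows version's defaults.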

What About Linux Servers?

The first thing that you should do on any Linux distro is run the necessary system updates. When your system is up to date, your server will operate in accordance with the top industry standards.

Just to be sure, you should consult the documentation for your specific Linux distribution for instructions on how to disable weak security ciphers. For example, Red Hat provides its subscribers with a document on how to perform these actions.

Why is PCI Compliance Important?

Some systems administrators will discount the importance of becoming PCI-DSS compliant within your organization. When your servers pass the PCI compliance test, you can know that your administrators have taken the proper precautions to help keep your organizational data safe and secure.

When your customers are transmitting personal information about themselves, you want to ensure that only you and your customers know what is being transmitted. When you adhere to the newest PCI regulations that heavily focus upon disabling weak security ciphers on your servers, you can be sure that your organization has taken the initiative to help facilitate secure transactions between your business and your customers.

Is your web server PCI compliant? Check the status of your website by using free tools found on websites such as Nartac.com.

Add-On Services Provide Added Value for your Colocated Servers

While many organizations ship their servers to colocated data centers in order to remotely host their workloads, did you know that your data center could provide additional services that can help you achieve your organization’s IT goals?

Add-on services will allow your organization to thrive, taking the burden of managing additional processes that may be outside of their current bandwidth off of your IT staff. Did you know that you can outsource data backup jobs, software patching and even DDoS mitigation services by choosing a colocation hosting provider?

Getting Value Out of Add-On Services

When you bring on IT staff, you have to manage, procure and build out the infrastructure for your organization. When you buy add-on services, you can streamline the services that your IT team provides to your organization, which will save your IT budget on staffing overhead. When your IT team can focus on service delivery and not service maintenance, your organization will be on the fast track to being able to rapidly grow and expand.

Add On Services Can Pay For Themselves

When you add managed services to your colocated servers, you can rest assured that your business’ critical resources are being constantly monitored. Some of the most popular add-on services that colo customers buy are:

  • Managed Hosting
  • Disaster Recovery
  • DDoS Protection

And more! With add-on services, you won’t have to build out and maintain critical network infrastructure since you can rely on the IT professionals on staff at ColoCrossing.

Managed Services for Your Servers

How do you know that the best practices for your servers are being implemented on a daily basis? When you have add-on managed hosting services, you can know that your server is getting all of the critical updates.

Managed services provide businesses with service level agreements which accurately depict all of the services rendered as well as the timeframes in which each of these services will be applied. Managed services give organizations peace of mind, since management is rendered by industry certified professionals.

DDoS Protection

What if a hacker decides to point a botnet at your website? Would your servers be able to withstand a DDoS attack? Your data center can likely provide anti-DDoS services for your servers, protecting them against malicious attacks.

A DDoS mitigation service filters out all of the malicious requests to your servers, while allowing legitimate traffic to pass through unabated. Buying DDoS protection for your servers is often a solid investment if you have multiple servers facing the public internet.