Compare and contrast the implementation of the security pillars in the IT cloud computing environment vs. the IT data center environment.
Comparisons between implementation of the security pillars on the IT cloud computing environment and IT data center environment.
Security in IT Data center environment
1. Physical Security:- The physical security of the data center
building and its components is important. The data center building
must be designed to handle all types of physical challenges, from
industrial accidents to natural disasters. Enhancing physical
security includes a variety of measures such as DC design with
thicker walls and doors, and enhanced CCTV monitoring.
2. Restricting access:- The DC security team needs to keep a close
watch on the people who enter the data center.
3. Securing Data:- All data center security is ultimately aimed at
keeping the hosted data safe and private. This includes
comprehensive measures such as complete data backup and recovery,
using data encryption while transferring files, enforcing the
latest data privacy regulations and comprehensive monitoring of
traffic.
4. Network Security:- The first layer of network security is
securing the perimeter by installing firewalls to clean up traffic
right at the point of entry. The next layer is the zero trust model,
together with inspecting and monitoring the internal traffic within
the network to detect and mitigate any threat that might have
bypassed the perimeter firewall.
5. Server Security:- It is important to use monitoring, intrusion
detection and intrusion prevention to prevent server theft.
Security solutions need to protect all
virtual and physical server environments and infrastructure as well
as all web-based applications.
Security in IT cloud computing environment
1. Organization:- The organizational aspects of cloud computing
start with the organization’s strategy for cloud adoption and
include human resource planning. This task typically comes with
organizational change management activities and review of business
processes.
2. Technology:- Technology is obviously the backbone of cloud
computing that challenges us on numerous aspects and should be
given due consideration around interoperability and compatibility
of new cloud technology with existing systems.
3. Security and Data Protection:- Sometimes cloud computing entails
company data leaving the trusted perimeter of the organization.
This brings multiple information security and data protection
challenges into the game that we need to manage. These are internal
or external cybersecurity threats that require joint attention by
the cloud service provider. This is particularly true for
encryption of sensitive data and preventing data loss or
leakage.
4. Governance, Compliance, Legal and Audit:- It puts additional
governance, risk and compliance factors onto the agenda. This
includes the legal requirements of having the right contracts,
service levels and data protection specifications implemented. This
typically depends on the industry and jurisdiction of the consumer
of cloud computing.
5. Service Management:- In outsourcing of services, an ongoing
effort to actively manage contracts and service levels is key. A
cloud service provider should be assessed based on its ability to
integrate service management with the consumer to manage
availability of the service including seamless incident/problem
management processes.
How cloud security is similar to data center security
1. You still need to maintain a secure data center. Even if much of
your data is located elsewhere, your local servers still contain
data that must be protected.
2. Your data center is the gateway to the cloud. In addition to
holding critical data, your data center is the primary means of
access to your data in the cloud.
3. Critical software resides in your data center. The applications
you need to access data in the cloud are likely in your data
center. Access to those applications also provides access to your
data one way or another.
4. Access to your data center is also access to the cloud. Whatever
your IT strategy, you need to maintain security in endpoints, user
access, and physical security. There’s more to securing your data
than preventing malware and blocking hackers. The physical security
of your data center is central to protecting the integrity of your
data, regardless of where it is.
How cloud security is different from data center security
1. You don’t control the remote data center, so the staff isn’t
yours. This is part of the reason for choosing the cloud, because
the data center staff is specifically trained to protect your data.
But it does mean you need to work with that staff to ensure they
learn the necessary procedures.
2. There’s a communications link between your data center and the
cloud. The communications link to your cloud provider is a
potential vulnerability, but it can be managed with virtual private
networks, appropriate levels of encryption, and dedicated private
networks where necessary.
3. Your data may exist in multiple, geographically dispersed
locations. As long as you can be assured that your data is
physically located where the law requires it to be (for example,
European data must stay in Europe), then it doesn’t really matter
where your data is, as long as it’s not all in the same place. By
keeping your data in multiple locations, you ensure that no single
event will prevent you from accessing your data.
4. Most security activities, including updates, backups, and
maintenance, are handled by the cloud provider staff, who are
probably better at it than you are. The cloud provider should have
maintenance and management procedures that meet the requirements of
the most demanding customer, with staff trained to work at that
level.
5. You must confirm that the remote data center protects your data
and other cloud activities at a level that meets your statutory and
fiscal requirements, which means regular audits of the offsite
facilities.
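
Item 3 of the differences above sets two conditions on cloud data placement: every copy stays in the jurisdiction the law requires, and the copies are not all in one place. The check below is an added example, not part of the original answer; the dataset names, location names and replica inventory are constructed for illustration.

```python
from collections import defaultdict

# Constructed policy: the jurisdiction each dataset must stay in (assumption).
REQUIRED_JURISDICTION = {"eu-customers": "EU", "us-billing": "US", "eu-hr": "EU"}

# Constructed map from provider location (hypothetical names) to jurisdiction.
LOCATION_JURISDICTION = {
    "frankfurt": "EU", "dublin": "EU", "virginia": "US", "oregon": "US",
}

# Constructed replica inventory: (dataset, location holding a copy).
REPLICAS = [
    ("eu-customers", "frankfurt"), ("eu-customers", "dublin"),
    ("us-billing", "virginia"), ("us-billing", "frankfurt"),
    ("eu-hr", "dublin"), ("eu-hr", "dublin"),
]


def audit_placement(replicas, required, loc_map, min_locations=2):
    """Return {dataset: [findings]} for every dataset that breaks a rule."""
    placed = defaultdict(set)
    for dataset, location in replicas:
        placed[dataset].add(location)

    report = {}
    # Also cover datasets that have a policy but no replica at all.
    for dataset in sorted(set(placed) | set(required)):
        findings = []
        want = required.get(dataset)
        if want is None:
            findings.append("no-residency-policy")
        compliant = set()
        for loc in sorted(placed[dataset]):
            have = loc_map.get(loc)
            if have is None:
                # Fail closed: an unmapped location is never assumed compliant.
                findings.append(f"unknown-location:{loc}")
            elif want is not None and have != want:
                findings.append(f"outside-jurisdiction:{loc}")
            else:
                compliant.add(loc)
        # Only copies in the right jurisdiction count toward dispersion.
        if len(compliant) < min_locations:
            findings.append("insufficient-locations")
        if findings:
            report[dataset] = findings
    return report


if __name__ == "__main__":
    for name, issues in audit_placement(
            REPLICAS, REQUIRED_JURISDICTION, LOCATION_JURISDICTION).items():
        print(name, issues)
```
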