Currently, a large number of companies make the greatest effort to minimize their infrastructure costs, and one of the options for such a purpose is represented by Cloud Services, which have considerably extended over recent years; the statistics indicate that these solutions will grow by 36.8% in 2017, and in relation to this number the fastest growing service will result from infrastructure services (IaaS).
As a result of the above, too many questionings have generated in relation to the security of data and the applications taken to the Cloud which must be provided by the suppliers. For an end user it is relatively easy to choose a Cloud Computing service, but when it comes to a CIO and the relating equipment, it is necessary to consider even the smallest detail to hire mission-critical solutions.
Emphasizing the security issue, it is necessary to consider that a Cloud solution must be able to use anti-virus and anti-malware applications, encryption and access controls for servers so that communication is guaranteed and the risk of any interruption is minimum, without forgetting the security equipment like Firewall and IPS.
Another important point is to consider the configuration of Cloud infrastructure backup systems and to designate a clear storage policy for mission-critical equipment, since it is not a guarantee that the cloud service provider has a backup system. The issue of storage is therefore more on the responsibility of the client because it is extremely necessary to make the data available and by the duplication of them with the required security controls the risk of theft or alteration is minimized.
Doing pentesting tests may sound like something minor, but it can make a big difference, mainly in order to validate and ensure that the security controls are properly applied. A Whitebox o Blackbox test can help us to identify some kind of gap and provide recommendations to deal with any concerns, as it can even find hidden issues.
Cloud security is not far from security for physical infrastructures. We should not assume that a cloud system will always be safe, we must meet the correct standards in terms of industry standards and compliance in order to certify that all information is protected to avoid potential losses.