Attended the 5 hour webinar on Google OnAir cloud platform on Oct 7th 2017. Though they covered five sessions on various topics, the Security topic got me interested, as it matters most especially when we have to decide for our clients. All clients and pretty much all over the world have this most over-frequently asked question "Is Cloud secure for my business?" I was one of them too until I got onto cloud myself in Septemer 2015, as a technical developer building something for my one and only client on Microsoft's Azure cloud platform.
I liked the below image shared during the webinar.
 |
| image courtesy: Google |
These are actual cables owned, deployed by Google for the purpose of cloud. Whoever accesses the cloud will have to pass through these cables only. So that is one level of security I liked. No one can tamper the data on the way because the cloud ensures the data is encrypted, uncorrupted and inaccessible through privately owned cables.
Also I liked the fact that there is a cable connection deployed to connect my hometown Mumbai.
The other thing I liked was this next image.
 |
| image courtesy: Google |
This is a chip mounted on every hardware that Google maintains on cloud. Only hardware with these chips and proper authentication can access each other hardware. Its a hardware to hardware security. All hardware outside the cloud cannot access it either via hardware and definitely not with any software tricks. I liked the fact that security is embedded at hardware level itself.
The next image that took my attention was the below one.
 |
| image courtesy: Google |
In regards to app security, though there are few obvious things that one can do such as "https setting is on", here are few other basic things that are not so obvious which I recommend.
1. Keep your database file on disk with encryption option on.
Though we use big databases, it is ultimately just any other file on a disk within the cloud. Make sure your database file stored on the disk within the cloud is always in encrypted format. Google and Azure both give you this option. A simple file copy from a mischief person, even though if he or she is from within the cloud company (in this case Google) will not help, without him/her having the ability to decrypt the disk file. The cloud alone can decrypt the database files whenever there is a data request from the authenticated apps only. I like this feature where cloud company gives you an additional protection layer of customers data from its internal employees too. As such, the cloud security ensures that even if database file is in unencrypted format on their disk, it is not accessible from any hardware that is not authenticated (remember that hardware chip). But there is no harm in having a double door security at app level. Right?
2. Keep your authentication information in configuration readable files in encrypted format
Your username, password in any configuration files should be in encrypted format and not in readable format else any mischief person breaking into these configuration files can read simple text username, password and be able to access the database from the configured IPs on cloud. (for example web.config in .Net apps are one such file). As such cloud will not allow beyond its boundaries, any IPs that are not configured to cross its firewall. But what if this web.config file is in adminstrator's personal laptop and his laptop is hacked. There is no harm in having double door security at app level. Right?
3. Keep your data in database in encrypted format
The third thing I noticed was seminar claiming that the cloud platform follows HIPPA security standards along with many other well established security standards. I was happy to know about it. The HIPPA standards are related to data dealing with medical patients , healthcare mostly and its relevant to me as I am building a product for pharmacy stores in US. I have one such requirement where I am dealing with patients basic personal information. I am paranoid and worried that if anyone has user name and password and IP authentication, then they will manage to read my database on cloud, they will have access to patients information stored in simple text format with a execution of a simple SQL query. The bar graph in the image above clearly indicates that patients data, which would be collected by app has to be protected by the app and it would not be Google's responsibility. So even though cloud platforms try to implement HIPPA standards or any such standards, I recommend cloud customers to store all your patients data or for that matter, any critical or important data within their database in encrypted format only, if its possible and not a much overhead. Once the data in the database itself is in encrypted format, then mischief user will not be able to understand the data, even though he can query the data into the SQL server or any other form of database. Remember, there is no harm in having double door security at app level. Right?
The next slide that caught my attention was the below one. Google Virtual Private Cloud Network
 |
| image courtesy: Google |
This is similar to how intranet operates in companies with their own infrastructure. In intranet, all resources such as desktops, servers, networks, users, applications and any thing that is created , retained and destroyed remains within this 'private' company's network. There are only few servers that outsiders can access the internet and that too is protected by firewalls. Google VPC network provides the features of intranet.
One can always create multiple networks within this intranet kind of network, which can operate restrictively with each other under the same umbrella. Google VPC network is ideal for medium to big size organizations who want to run their entire infrastructure under a private cloud. There is no interference from internet per say.
Why cloud is important for small size business organization?
For new enterpreneurs that cannot afford hardware, software, office, cloud is a very good option and the only option.
Why cloud is important for medium size business organization?
With growing need for big data management, data analytics, AI, cognitive services and lately quantum computers getting prominence, even medium size organization cannot afford to buy, install and maintain these kind of demanding software neither its easy to have skilled resources for the same. Its expensive and becomes cost ineffective at some point.
Why cloud is important for big size organization?
With so many economic, natural, political uncertainties in todays world and add to that decentralized technologies like blockchain technology taking over currency market and more, it will make sense if big organization have a cloud of their own atleast as a backup resource and at some point shift to cloud itself to meet the demanding challenges of new future technologies. As such cloud infrastructure is almost available to dwell within your own country's boundaries and thereby adding another layer of security.
Today the big question is no longer "Is cloud secure for my business?"
Today the big question is "Is my business secure without cloud?"
No comments:
Post a Comment