Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What security risks does rapid elasticity bring to the cloud?

Enterprises can benefit from cloud features such as rapid elasticity and measured services, but they bring new security risks with them. Expert Matthew Pascucci explains.

What are the security risks that may arise from cloud features such as measured services and rapid elasticity for...

platform as a service (PaaS) systems?

One of the major benefits of anything living in the cloud is the ability to measure resources and use rapid elasticity to quickly scale as the environment demands. The days of being locked into physical hardware are over, and the benefits of rapid elasticity in cloud computing are attractive to many organizations.

There are some concerns -- more based off the education of cloud computing -- which an organization needs to be aware of before using these features. Like anything else, the cloud can be deployed securely, but without understanding how to implement these services, an organization can find itself at risk.

With measured services, which are cloud services that are monitored and measured by the provider according to usage, an organization can leverage resource metering to perform particular automated actions. These systems can expand based on thresholds and from an on-demand service model.

As a cloud footprint can swell or deflate with demand, there are multiple security concerns to consider with the fluctuating infrastructure of potential PaaS systems. Managing data in the cloud needs proper policy and configuration to validate its security. This is always a concern, but there are some unique use cases when it comes to cloud security because of the elastic nature of the infrastructure.

Data lifecycles in the cloud can be different than their physical predecessors because systems and applications are more automated. Being able to create, store, use, share, archive and destroy data is now possible on systems that might only be up for a certain period of time. The ability to log the transactions of these systems and applications is something unique to the cloud. The audit of this data and the collection of logs and forensics is also a challenge unique to the cloud.

Performing incident response and forensics in an elastic cloud environment is also something with which organizations should be familiar. Your cloud service provider and the deployment model -- PaaS included -- will determine how incident response is handled. Being able to preserve, collect and analyze data on systems while they're potentially moving can become a challenge if an organization isn't prepared for it.

Many of the security features at this point should be moved toward the workloads, and there should be a policy in place to isolate and contain incidents instead of removing the systems. There are actually many pros to dealing with incidents in the cloud, but it's different than dealing with incidents on a physical network, and might involve a learning curve.

Another thing to look out for regarding the measured services and rapid elasticity of the cloud is the possibility that certain systems could be provisioned in different geographical regions if that is how they're configured. This is something that has to normally be done manually, but it's still a concern when sensitive data might be stored outside of boundaries that clients or customers aren't expecting. When building out an infrastructure like this, it's wise to consider what data is moving between these systems and applications and if there are any privacy implications when it is transferred.

Lastly, as systems are spanned throughout your cloud environment, it's extremely important to have proper configuration management utilized to keep control of the automated systems. The last thing you want is to have systems built and spawned throughout your infrastructure that increase your risk footprint throughout the environment. Being able to control what's being built and locking it down to a secure standard that limits the damage and decreases the opportunity for attackers to take advantage of an automated environment is key.

Ask the expert:
Want to ask Matt Pascucci a question about security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Find out what's new in platform as a service this year

Discover how PaaS can help with application development

Learn more about the Google PaaS, App Engine

This was last published in September 2017

Dig Deeper on Cloud Computing Platform as a Service (PaaS) Security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What has been your experience with rapid elasticity and measured services in the cloud?
Cancel

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly.com

Close