Estimated reading time: 2 minutes, 46 seconds

Misconfigured IaaS Implementations Results in Vulnerable Systems Featured

"Danger sign with skull" "Danger sign with skull"

According to research by the Gartner Group, the worldwide public cloud services market is expected to grow to over $266 billion in 2020. This represents a 17% increase compared to spending in 2019. While software as a service (SaaS) is the largest market segment, infrastructure as a service (IaaS) is growing faster than any other component of the cloud computing paradigm. It is expected to reach $50 billion in 2020 with 24% yearly growth. These numbers illustrate the fact that many enterprises are trusting their infrastructure with public cloud providers.

IaaS implementations put more emphasis on customer responsibility than do other forms of cloud computing. When an enterprise moves their infrastructure to the cloud, they are still responsible for areas such as the operating systems, virtual network, middleware, and applications that provide its computing resources. This reliance on homegrown IT talent and procedures can lead to disastrous consequences if it cannot handle the complexities of properly configuring the cloud infrastructure.

The Many Manifestations of Misconfiguration

There are many different issues involved in the misconfiguration of cloud systems which threaten to account for the vast majority of security failures by 2022. The problem with cloud security is not inherently associated with the cloud. The issue lies with the technologies and policies that are used to implement its security and control access to an organization’s computing resources. Here are some of the most important points that need to be considered by enterprises when employing the IaaS cloud computing model.

  • Understanding the division of responsibilities is vitally important when undertaking any move to a public cloud provider. Organizations may have begun their cloud migration by testing the water when using an SaaS offering that provides additional or new functionality to their computing environment. This can leave them with a false sense of security regarding the degree to which they need to be involved in system configuration. Whereas the cloud provider is charged with configuring and securing SaaS instances, this is not the case where infrastructure is concerned. The lines between customer and provider responsibilities need to be clearly understood and agreed to when implementing the IaaS model.
  • Data access and security are of paramount importance in any IT system. These areas achieve even greater prominence in cloud implementations where there are additional entities who may come in contact with enterprise data. Mistakes such as allowing storage devices to be accessible through an Internet connection or failing to turn on encryption to protect enterprise information are examples of this type of oversight. The keys required to access encrypted data should remain with the organization when at all possible to eliminate potential security risks beyond its control.
  • User interfaces and APIs are other areas that need to be addressed when adopting the IaaS cloud model. These interfaces warrant close scrutiny as they are often the only asset with public IP addresses that enable anyone to gain entry into the systems. Weak security regarding interfaces and APIs can result in confidentiality, accountability, and availability problems with the systems behind them. Using standard and open API frameworks can help minimize the complications involved in locking down these potential security gaps.

The cloud offers many benefits to organizations that choose to take advantage of them. Every enterprise that implements the IaaS model needs to acknowledge and address the issues that may lead to system vulnerability or risk catastrophic security breaches.

Read 1722 times
Rate this item
(0 votes)
 Robert Agar

I am a freelance writer who graduated from Pace University in New York with a Computer Science degree in 1992. Over the course of a long IT career I have worked for a number of large service providers in a variety of roles revolving around data storage and protection. I currently reside in northeastern Pennsylvania where I write from my home office.

Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.