Data Security in Decentralized Cloud Systems

What threatens data, including data kept in the cloud (IT Companies in Birmingham)? Firstly, the possibility of losing it. Secondly, the possibility that unauthorized persons gain access to it, that is, loss of confidentiality. Reasonable concern about both cases should always be present, and it may increase when the computer infrastructure is placed in a public cloud.

Data loss

Everyone is used to the fact that digital data is easy to copy. However, to copy anything you need the original, and if the original is lost, the data it contained is lost with it. Computer data can be lost either because the corresponding files are deleted or because the media on which those files reside is destroyed.

BACKUP

To avoid losing all the accumulated data, back it up regularly. For the backups to be safe, do not keep them on the same medium as the original but on another one – a physically (!) different disk, on another computer, on another network.
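The "physically another disk" requirement can be checked rather than assumed. The following added example (not code from the original article) refuses to write a backup archive when the destination lives on the same block device as the source, and records a SHA-256 checksum so the copy can be verified later. It assumes a Linux host with GNU stat, tar and sha256sum; the paths used at the bottom are placeholders.

```sh
#!/bin/sh
# Added example: back up a directory only onto a different physical device,
# and verify the archive afterwards. Not part of the original article.

# device_of PATH: numeric id of the filesystem/device holding PATH
# (GNU stat first, BSD stat as a fallback)
device_of() {
    stat -c %d "$1" 2>/dev/null || stat -f %d "$1"
}

# same_device A B: exit 0 when both paths sit on the same device
same_device() {
    [ "$(device_of "$1")" = "$(device_of "$2")" ]
}

# write_archive SRC DEST_DIR: tar+gzip SRC into DEST_DIR, write a .sha256
# file beside it and print the archive path
write_archive() {
    src=$1
    dest=$2
    name=$(basename "$src")-$(date +%Y%m%d%H%M%S).tar.gz
    tar -czf "$dest/$name" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    (cd "$dest" && sha256sum "$name" > "$name.sha256") || return 1
    echo "$dest/$name"
}

# backup_dir SRC DEST_DIR: the article's rule enforced in code – a backup on
# the same device as the original is not a backup, so refuse it
backup_dir() {
    if same_device "$1" "$2"; then
        echo "refusing: $2 is on the same device as $1" >&2
        return 1
    fi
    write_archive "$1" "$2"
}

# verify_backup ARCHIVE: checksum matches and the archive is readable
verify_backup() {
    dir=$(dirname "$1")
    base=$(basename "$1")
    (cd "$dir" && sha256sum -c "$base.sha256" >/dev/null 2>&1) &&
    tar -tzf "$1" >/dev/null 2>&1
}

# Placeholder paths: in practice /mnt/backup would be a separate disk,
# a mounted share from another machine, or a remote mount.
# backup_dir /srv/data /mnt/backup && verify_backup /mnt/backup/data-*.tar.gz
```

The device check catches the common mistake of "backing up" to a second directory on the same disk. It does not catch a second disk that is in the same machine and shares its fate (power surge, theft), which is why the article also asks for another computer and another network.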

RELIABLE MEDIA

Media of various types are used today to store data. They differ in how they store data and in how reliably they keep it. Storage reliability can also be improved by grouping several media together, for example in a RAID array.

Loss of privacy

Actually, the task of preserving the confidentiality of data arises not only for a virtual server located in the cloud but also in the familiar physical world. Computer data that an unauthorized person has accessed cannot be taken back – there will never be 100 percent certainty that it has not been copied. Therefore, data protection comes down to excluding the very possibility of any unauthorized access.

Other people’s data can be obtained in two ways: by accessing the media on which it resides, or through the operating system that processes it. The characteristics of these two access paths determine the methods of protection.

Fortunately, the digital nature of computer data allows a protection such as encryption: if an unauthorized person gets access to the media holding encrypted data, or to the file in which the encrypted data is stored, they will not be able to use it.

Next, we consider the system-administration measures that preserve the confidentiality of computer data hosted in a virtual cloud. We will not deal here with data security inside the applications (programs) that use this data.

Physical access

Virtual machine disks are files located in large disk arrays in data processing centers (data centers). Accordingly, “physical” access to virtual machine disks reduces to access to these files.

DATA PROCESSING CENTER

The data center provides the cloud provider’s equipment with:

1. Stable and reliable power supply;

2. Cooling with clean air;

3. Protection from unauthorized persons.

Although data center employees have physical access to the cloud provider’s equipment, there is no need to fear that they could find and copy the specific disk of a particular virtual machine. For load balancing and fault tolerance, virtual disks may move across the entire hardware disk space, which today can reach many hundreds of terabytes or even petabytes.

In addition, data center employees, as a rule, do not have logical access to the cloud (via the network).

PROVIDER

As for the employees of a cloud provider, they (at least its authorized system administrators) always have access to the files holding the “hardware” configuration of virtual machines and to the files holding their virtual disks. Without such access they simply could not manage the cloud and provide services to their customers.

Moreover, the cloud provider’s system administrators often have access to the operating systems of their clients’ virtual machines. This access simplifies management of the cloud and of the virtual machines in it.

Is it possible to do without such access? Yes, but with some caveats.

OPERATING SYSTEM

According to IT Services Nottingham experts, data is protected at the operating-system level through accounts whose rights can be controlled. The system should contain no extraneous accounts, and the existing accounts should have no unnecessary rights.

However, an operating system requires drivers for the specific “hardware” it runs on. The operating system on the cloud “hardware” also requires drivers, and someone has to install them. That is, administrative access to the virtual machine’s operating system, whether manual or automated, is still unavoidable. Such access may also be required for the machine’s network configuration.

In principle, after creating a new virtual machine, you can change the password of its system administrator account and even delete or block that account. After that, cloud administrators will a priori have no access inside the virtual machine.

However, you need to realize that from then on all concerns about keeping the virtual machine healthy fall solely on the client’s system administrator.
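The two account rules above (no extraneous accounts, no unnecessary rights) and the step of blocking the provisioning account can be checked on a Linux guest with nothing more than awk over the passwd and shadow files. The following added example is not code from the article or its cited companies; it works on constructed sample copies of those files (the hashes and the cloudadmin/oldtest/ops names are made up for the demo) and shows, but does not run, the commands that lock an account.

```sh
#!/bin/sh
# Added example: audit accounts and privileges on a Linux guest.
# Not part of the original article.

# Constructed sample files; a real audit reads /etc/passwd and /etc/shadow.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
cloudadmin:x:0:0:provider admin:/home/cloudadmin:/bin/bash
ops:x:1000:1000:client admin:/home/ops:/bin/bash
oldtest:x:1001:1001:leftover test account:/home/oldtest:/bin/sh
svc:x:1002:1002:service:/var/lib/svc:/usr/sbin/nologin'

SHADOW_SAMPLE='root:$6$saltsalt$hashhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
cloudadmin:$6$saltsalt$hashhash:19000:0:99999:7:::
ops:$6$saltsalt$hashhash:19000:0:99999:7:::
oldtest::19000:0:99999:7:::
svc:*:19000:0:99999:7:::'

# extra_root_accounts PASSWD: every UID-0 account other than root, i.e. an
# account with rights it should not have
extra_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# passwordless_logins PASSWD SHADOW: accounts with an interactive shell and an
# empty password field, which anyone can log into
passwordless_logins() {
    awk -F: 'NR == FNR { shell[$1] = $7; next }
             $2 == "" && shell[$1] !~ /(nologin|false)$/ { print $1 }' "$1" "$2"
}

# is_locked USER SHADOW: exit 0 only if USER exists and its password field
# starts with "!" or "*" (locked / no password login)
is_locked() {
    awk -F: -v u="$1" '
        $1 == u { found = 1; if ($2 ~ /^[!*]/) exit 0; exit 1 }
        END { if (!found) exit 1 }' "$2"
}

# lock_account USER: what the client's administrator runs once provisioning
# is finished, to shut the provider-side account out. Needs root; shown here
# but not executed in the demo.
lock_account() {
    passwd -l "$1" && usermod -s /usr/sbin/nologin "$1"
}

# Demo run on the constructed files
tmp=$(mktemp -d)
printf '%s\n' "$PASSWD_SAMPLE" > "$tmp/passwd"
printf '%s\n' "$SHADOW_SAMPLE" > "$tmp/shadow"
echo "UID 0 accounts besides root:"
extra_root_accounts "$tmp/passwd"          # cloudadmin
echo "interactive accounts with no password:"
passwordless_logins "$tmp/passwd" "$tmp/shadow"   # oldtest
rm -rf "$tmp"
```

After `lock_account cloudadmin`, `is_locked cloudadmin /etc/shadow` succeeds, which is the state the article describes: the cloud side no longer has a way into the guest, and everything from then on is the client administrator’s responsibility.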

Whether cloud administrators should be able to access the operating system of a virtual machine is a question that should be discussed and resolved calmly and carefully.

DRIVE ENCRYPTION

As already mentioned, data can be accessed without logging into the operating system of the virtual machine; it is enough to access its disks directly. The only way to completely eliminate this possibility is to encrypt the disks. An obstacle arises with only one of them – the system disk.

The problem is that the password for unlocking an encrypted system disk must be entered before the operating system loads, that is, before it becomes possible to connect to the virtual machine remotely. This obstacle can be overcome only with remote access to the virtual machine’s console, or simply put, to its screen, where the entire boot process of the operating system can be seen.

Most modern Cloud/Network Security Services providers like Managed IT services Birmingham have the means to give customers access to the consoles of their virtual machines. Let us be realistic: in our world it is impossible to exclude something 100%, but it is possible to minimize the probability of an event and reduce the size of its negative consequences.
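The principle behind both the encryption paragraph in "Loss of privacy" and the "Drive encryption" section is the same: a copy of the medium is useless to whoever holds it unless they also hold the key. The following added example (not code from the article) shows that principle at file level with OpenSSL’s `enc` command, using a passphrase-derived key: a round trip with the right passphrase restores the data, and a copy decrypted with any other passphrase yields nothing usable. The passphrases and payload are constructed for the demo; a real deployment of the article’s advice would use a full-disk scheme such as LUKS/dm-crypt, which is what the console-unlock step refers to.

```sh
#!/bin/sh
# Added example: passphrase-based encryption of data at rest with OpenSSL.
# Not part of the original article. Assumes OpenSSL 1.1.1 or newer (for
# -pbkdf2/-iter).

# encrypt_file PLAIN CIPHER PASSPHRASE
# The passphrase is passed through the environment rather than on the
# command line so it does not show up in the process list.
encrypt_file() {
    KEYPASS="$3" openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$1" -out "$2" -pass env:KEYPASS
}

# decrypt_file CIPHER PLAIN PASSPHRASE: non-zero on a wrong passphrase
# (padding check fails) or on a damaged ciphertext
decrypt_file() {
    KEYPASS="$3" openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass env:KEYPASS 2>/dev/null
}

# roundtrip_ok PLAIN PASSPHRASE: exit 0 if encrypt then decrypt restores PLAIN
roundtrip_ok() {
    work=$(mktemp -d)
    if encrypt_file "$1" "$work/c" "$2" &&
       decrypt_file "$work/c" "$work/p" "$2" &&
       cmp -s "$1" "$work/p"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$work"
    return $rc
}

# Demo: encrypt a constructed payload, then act as someone who copied the
# medium but does not know the passphrase.
demo=$(mktemp -d)
printf 'constructed secret payload\n' > "$demo/plain"
encrypt_file "$demo/plain" "$demo/plain.enc" 'demo-passphrase'
if decrypt_file "$demo/plain.enc" "$demo/out" 'some-other-passphrase' &&
   cmp -s "$demo/plain" "$demo/out"; then
    echo "unexpected: data recovered without the passphrase"
else
    echo "copy of the medium is unusable without the passphrase"
fi
rm -rf "$demo"
```

Two caveats a practitioner would add: `openssl enc` provides confidentiality only, not integrity (a tampered ciphertext may decrypt to garbage rather than fail), and the whole scheme is only as strong as where the passphrase lives, which is exactly why the article insists the system-disk passphrase be typed at the console rather than stored on the machine.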
