Category: Cloud Security


What Is A Honeypot?

A honeypot, in simple terms, is a trap. It’s a trap for spammers or malicious software peddlers. For IT professionals, it’s an interesting thing. You set out a computer or a network for the sole purpose of luring malicious viruses and such in and trapping them so that they can’t access your real networks.

If you are going to operate in the cloud – that is, use cloud hosting – then you need to become very familiar with honeypots, honeynets, and honeyfarms.

A honeypot is a single computer that is isolated from the rest of your network. It looks like it has valuable information on it for hackers, which is what makes it attractive. But you have to put a firewall around it so that hackers can’t access your real network through it.

A honeynet is a network of honeypots. If you have a larger network or cloud set up, then you might need a honeynet to be more effective.

A honeyfarm is a centralized collection of honeypots. It is distinguished from a honeynet in that several honeypots can co-exist at the same location without being networked. These are particularly useful to cloud hosting providers who have several clients on various machines and they want to keep all them separate.

Honepots, honeynets, and honeyfarms are useful security measures for anyone operating in the cloud. Get very familiar with them for your own benefit.

One very definite challenge to server security is with software updates. Cloud-based software has the unique ability to show a new version of software when each page is updated. So imagine that you have a page that has been updated a hundred times and you have several versions of that software sitting out there on your server. Each of those are a separate security risk.

How does that change the security of your server? Well, it obviously makes you more vulnerable.

But, can you fix it?

You can, but it is challenging. You have to look at cloud server security as a component of its own rather than as a component of your server configuration. With that in mind you should look at each server in light of the following three principles.

  1. Elasticity – Each server needs to be elastic enough that you can have the same level of security as you scale up and down, but you should also have the same level of security as you maneuver horizontally. Scalability and flexibility are only benefits if you have security to back them up.
  2. Programmable – You have to have the ability to program security for each application and each software package on the server as opposed to expecting one level of security for the entire server to protect everything on that server.
  3. Adaptive – Not only should you expect server security to match scalability and flexibility protocols as well as be programmable for each software and application package, but you should also be able to configure security for each user level. If you have server work groups that allow for security configuration per work group then you can allow each user and management representative in your company to do the work they need to do on the server and keep it secure.

Cloud computing has its challenges, especially where security is concerned, but they can be overcome.

Data encryption is one of the most important considerations in cloud hosting, whether you are talking about a public cloud, private cloud or hybrid cloud. Cloud security is the most important aspect of hosting in the cloud and just about every IT director who has considered it knows this. But how should you approach it

When it comes to data encryption, you can do it yourself or you can hire a data encryption firm to write your code for you. You might even purchase an off-the-shelf solution. But which one is right for you?

There are pros and cons to each method. If you do your own data encryption then you’ll need to make sure you have the right human resources in your organization to be able to handle it. And don’t just think about today either. That person who does all that coding for you, will he be around next year or five years from now? If not, are his skills and knowledge transferable? Is there someone else in your organization ready to take over if your ace moves on?

Do-it-yourself data encryption can save you a lot of money, but if things go wrong then you own it. You have the responsibility and the headache of fixing it.

If you hire a firm to write your data encryption code then if things go wrong you can always have them fix it. It’s their problem and they know it.

An off-the-shelf program might cost less than hiring a data encryption expert, but it will likely be a lot less customizable. You’re stuck with what you buy even if you don’t like it.

Cloud security is one thing you cannot afford to cut corners with. Data encryption is important. Don’t take it lightly.