Two important concerns related to cloud computing are administration and security. These concerns are augmented as there is external control over the organizational asset and the potential for mismanagement of those assets. Transitioning to public cloud involves the handover of responsibility and control to Parkar along with the information and system components now under our control. With the inherent loss of control, customers need to take responsibility for its use of cloud computing services to maintain situational awareness, weigh alternatives, set priorities, and effect changes in security and privacy that are in the best interest of the organization. We offer a contract to our customers and its associated cloud service agreement with appropriate provisions for security and privacy. The agreement helps to maintain legal protections for the privacy of data stored and processed in our systems.
Parkar’s Cloud security initiatives –
While developing and maintaining cloud applications for our clients, we adhere to the following measures and –
- Strong governance – In a public cloud, our customers transfer control to Parkar that can create threat to security. We create strong governance of the application toavoid any threat or security concerns
- Develop architecture for roles, responsibilities and authorization – We define and set clear flow of data and application access and adhere to the authorization model strictly
- Application Protection – With the efforts of infrastructure security responsibility to Parkar enterprises need to rethink perimeter security at the network level, applying more controls at 3 levels – user, application and data level. The same level of user access limitation and protection should be applied to workloads deployed in cloud services as to those running in traditional data centers. This needs creating and managing workload-centric policies as well as implementing centralized management across distributed workload instances.
- Isolation failure – Two important factors Multi-tenancy and shared resources are known characteristics of public cloud computing. The termination of a contract with Parkar may not result in complete deletion of the customer’s data. Backup copies of data usually exist., The advantage of multi-tenancy (the sharing of hardware resources) represents a higher risk to the customer compared to dedicated hardware.
- Compliance and legal risks – The users participation in achieving certification (e.g., to demonstrate compliance with industry standards or regulatory requirements) may be lost if Parkar cannot provide evidence of their own compliance with the relevant requirements. It is the customer‘s responsibility to must check that we have appropriate certifications in place.
- Handling of security incidents – The detection, reporting and management of security breaches is delegated to Parkar, but these incidents impact the customer. Notification rules need to be made clear in the cloud service agreement so that customers are well informed.
- Management interface vulnerability – Connecting interface to manage public cloud resources are usually accessible through the Internet. Since they grant permission to access larger sets of resources than traditional hosting providers, they pose an increased risk, especially when combined with remote access and web browser vulnerabilities
- Data protection – The major concerns of Data are exposure of sensitive data and the loss of data. It becomes difficult for the customer to check the data Parkar’s handling practices
- Internal Malicious behaviour – Damage caused by the malicious actions of resources inside an organization can be substantial as they have the access and authorizations to data and applications. This might occur within either or both the customer organization and Parkar’s cloud environment.
- Visibility and Audit – Some users are create a “shadow IT” by controlling the cloud services to build IT solutions without explicit organizational approval.