Using CIA three to define the availability of cloud computing risk and protection measures

This article aims at the risk type of cloud computing using classic "CIA three", namely confidentiality, integrity and usability to define, and put forward relevant defense, detection, blocking measures. This section describes availability.

"A": Availability (availability) risk

These risks are closely related to the vulnerabilities and threats of service reliability, taking into account the need to reliably use services with low risk and low failure rates.

1 service rejection

A denial of service (DoS) or Distributed denial of service (DDoS) attack is an attempt to make a computer resource unavailable to its intended users. It often involves using multiple communication requests to saturate the target machine so that it does not respond to legitimate communication requests or is effectively released in response to the user, which is not available to users. Cloud services are particularly vulnerable to DDoS attacks that measure volume, with a large number of hosts pouring into cloud networks and servers, which carry more data than they can handle and put themselves in a standstill state. Application-based DDoS attacks for cloud services are also very effective for specific applications in this cloud infrastructure, such as Web servers or databases. In addition, distributed reflection denial of service (DrDoS) attacks are more "effective" in causing victim systems to resend packets used to plug the network, and they work better in a cloud environment. Especially in a single attack, an attacker who wants to take up more infrastructure than an individual organization or computer can target a cloud provider, especially if the provider is famous, giving the attacker "glory" or being subjected to retaliation by hackers or hacker groups.

Defense: Select a service provider that has a solid protection against network attacks. Firewall and network filtering is implemented at the network boundaries of cloud computing infrastructure (primarily internet access points) to protect against attacks and hostile networks that exploit the Internet blacklist. In addition, redundant vendors are used because attacks on one vendor environment may not affect the other.

Detection: Select a service provider to perform and monitor intrusion detection on a 24x7 basis and sign all appropriate additional services associated with the feature.

Block: Collaborate with the legal department of a service provider to ensure that an attacker is found and prosecuted.

Residual risk: Since most Dos attacks come from other countries, they are difficult to detect and track, so there are few responses to attacks that have passed the Environmental Defense facility.

2) Interruption

Any accidental interruption or a computer system or network unreachable.

Defense: The primary defense against any service interruption is redundant. Ensure that your environment automatically switches to different vendors when you break. In addition, a solid recovery scenario is used to prepare for an extended outage.

Instrumentation: Apply monitoring tools to continuously monitor the availability and response time of the cloud environment.

Blocking: interruptions are costly. Calculate the interruption cost and ensure that the contract with the service provider indicates that the actual cost incurred can be compensated, not just the cost of the service itself.

Residual risk: Because the interruption usually occurs because of software problems, there are few measures we use to defend against it.

3 Instability and application failures

Loss of functionality due to software or firmware problems (bugs) or defects in the computer or network. Program freezes, locks, or crashes cause a slow response.

Defense: Ensure that vendors are able to perform all software updates for their infrastructure frequently. This applies to all customer-owned virtual systems as well.

Instrumentation: Enables business monitoring to detect and alert an application when it does not respond correctly.

To prevent: Clearly set the service provider's expectation of maintaining a stable environment in legal language.

Residual risk: The instability of applications and infrastructure is usually due to software problems, so we have very few defensive measures.

4) Slow

Unacceptable response time for a computer or network.

Defense: Use redundant providers and Internet connections to create a schema that allows applications to automatically switch to the fastest environment. Also, make sure that the service provider has implemented High-capacity services that automatically expand resources.

Instrumentation: Continuously detects the response time of the underlying application and ensures that the alert has an Out-of-band path to support the worker so that the response problem does not prevent the alert from being delivered.

Block: Establish a contract language with a service provider that can provide punitive damages for your unacceptable response time.

Residual risk: A delay or slow response can be seen as a form of interruption, and the disruption caused by software and capacity issues will continue to be maximized.

5 High Availability cluster failure

We found that the device that should fail over was not actually taken over at the right time.

Defense: Monitor the robustness of level two systems and all systems in a high-availability cluster.

Detection: Periodic failover testing.

Blocking: From a service provider's point of view, they have little preparation to make sure that the customer system is switching as expected.

Residual risk: Sometimes a primary device slows down to no response to all practical uses, but not because the software is formally "slowed down", so the backup system does not take over.

6) Backup failure

We find that the data backups you're relying on are actually not working.

Defense: Use of provider resiliency to avoid traditional offline backup (tape or optical).

Detection: Frequent recovery tests are performed to verify the resilience of the data.

Block: Create data in contracts with service providers--lost terms, and they will be responsible for accidental data loss.

Residual risk: Backup fails, but multiple recovery paths can eliminate most of the risk. The practice of backing up data has been a long time, so it is one of the most reliable security measures. As long as the data is properly backed up, it can exist all the time, so most of the remaining risk in this case is caused by unqualified data replication or insufficient attention to the event.