Blog

Cloud storage security: comparative study

Today the use of cloud-based storages is becoming more and more popular. Indeed, why should you care about  buying and configuring the server, ensuring its physical and virtual stability, if instead you can actually afford to buy any number of virtual machines and change their quantity  depending on the influx of visitors to your resource.
28 August 2014
Cloud-based testing
Cybersecurity testing
Article by a1qa
a1qa

Today  the use of cloud-based storages is becoming more and more popular. Indeed, why should you care about  buying and configuring the server, ensuring its physical and virtual stability, if instead you can actually afford to buy any number of virtual machines and change their quantity depending on the influx of visitors to your resource. The article by Anna Andreeva, security testing engineer.

Cloud providers allow you to get fast access to all the necessary equipment for virtual work both small sized and enterprise applications with complex business logic and numerous services. In addition, development process of cloud web application does not differ much from applications written in a conventional computer. Definitely, it is convenient. Especially if you must run the project in the short term  and it’s difficult to predict  the number of users. In such cases, cloud “infrastructure as a service» (IaaS) is convenient which offered by a dozen of eminent providers.

However, how safe it actually is to store your data in the cloud? After all, if the server is not in the next room  and  the door is locked with a key, someone definitely has access to it – at least network provider staff.

How safe is the transmission of data from client to the cloud storage? And back? That’s what two most popular providers offering cloud infrastructure are saying about their safety.

Perhaps,  the most famous provider of cloud infrastructure is Amazon EC2, which has long been a leader among competitors.

What the customer gets when entrusts the product to Amazon?

  • Multilevel security. Security mechanisms implemented at several levels:  for host operating systems, virtual instances and virtual guest OS, as well as firewalls and API calls.
  • Hypervisor. Amazon EC2 uses a modified version of the Xen hypervisor, which can significantly improve the performance of virtual machines through paravirtualization. And access to the CPU implemented with separate privileges:  Host OS has the highest level (0), the guest OS – level 1, and the applications have the least privileges (level 3).
  • Isolation instances. Multiple guests can be deployed on one physical machine. Although instances do not have direct access to the physical disk, they are given the virtual data storages.  In order data from different applications do not influence each other in the case of disk space liberation, information from each of the storage units is automatically deleted (the value is set as zero). Memory is not returned to the pool of free memory until the reset process completes.
  • Security of the host OS. Multifactorial authentication system is envisaged for administrative access to the hosts management.  If an employee no longer needs in such access his account canceles.
  • Host OS security. Support of  security here lies entirely on the development team, as provider does not have access to both  – the instances and guest operating systems that are installed on them. It is in fact a strong side in the context of application security (provider can not get the customer’s data) but also creates  potential vulnerabilities for attacks.  Configuration errors can potentially give attacker access to applications, data, and even entire virtual machine.
  • Firewall. By default, all firewall’s  ports are closed. This means that the customer himself must vividly  open the ports for incoming traffic. Amazon provides the ability to split  the levels of access groups (Security Groups).
  • API access. API calls to start or interrupt instances, change firewall settings and other functions signed by a secret key (Amazon Secret Access Key). Access to API is impossible without it. In addition, the API calls are encrypted using kriptogafical SSL protocol.

Read the second part here.

The artilce Cloud Storage Security: AWS Vs.Azure by Anna Andreeva was published in Network Computing online edition, you can read the full version here.

More Posts

2 December 2024,
by a1qa
6 min read
Addressing 4 security issues for digital transformation programs
Find out the top 4 safety challenges of digital transformation and a QA playbook to address them and contribute to a higher level of cybersecurity.
Cybersecurity testing
black-friday
5 November 2024,
by a1qa
4 min read
Get ready for Black-Friday-to-Cyber-Monday shopping: 5 testing types to include in your QA strategy
What’s your nightmare during Black Friday and Cyber Monday shopping? If it’s a loss of sales, read about the ways to prevent this in the article.
Cybersecurity testing
Functional testing
Localization testing
Performance testing
Usability testing
QA for retail software
29 August 2024,
by a1qa
4 min read
QA to address key pain points in retail 
Explore how QA helps address the main challenges that retailers face when developing software.
Cybersecurity testing
Functional testing
Performance testing
Usability testing
QA for fintech
7 May 2024,
by a1qa
5 min read
Navigating the fintech frontier in 2024: QA’s role in delivering high-quality financial software 
Unveil the future of fintech innovations and learn to refine their quality with the help of software testing.
Blockchain app testing
Cybersecurity testing
Quality assurance
Telecom trends 2024
15 April 2024,
by a1qa
5 min read
QA’s role in adopting telecom trends for 2024 
Let’s dive into the transformative trends set to redefine the telco industry in 2024 and discover QA strategies to adopt them with precision.
Cloud-based testing
Cybersecurity testing
Functional testing
General
Migration testing
Performance testing
QA trends
Quality assurance
Test automation
On the pulse of 2024: optimizing the adoption of eHealth trends with QA
15 February 2024,
by a1qa
4 min read
On the pulse of 2024: optimizing the adoption of eHealth trends with QA
Generative AI, cybersecurity, AR/VR — come and explore how these trends are reshaping the future of healthcare and how QA helps implement them with confidence.
Cybersecurity testing
Functional testing
Performance testing
QA trends
Navigating the future: QA trends that will define 2024. Part 2
30 January 2024,
by a1qa
4 min read
Navigating the future: QA trends that will define 2024. Part 2
We continue exploring QA trends, helping businesses remain competitive in 2024.
Cloud-based testing
Cybersecurity testing
QA trends
Quality assurance
The year in valuable conversations: recapping 2023 a1qa’s roundtables for IT executives 
8 December 2023,
by a1qa
3 min read
The year in valuable conversations: recapping 2023 a1qa’s roundtables for IT executives 
From dissecting novel industry trends to navigating effective ways of enhancing software quality — let’s recall all a1qa’s roundtables. Join us!
Big data testing
Cybersecurity testing
Functional testing
General
Interviews
Performance testing
QA trends
Quality assurance
Test automation
Usability testing
Web app testing
6 top reasons why business should invest in software quality
9 November 2023,
by a1qa
4 min read
6 top reasons why business should invest in software quality
We congratulate you on the World Quality Day with the article by Alina Karachun, Account director at a1qa, having 10+ years of QA expertise. Delve into it to explore the reasons why businesses should prioritize software quality.
Cybersecurity testing
Functional testing
General
Interviews
Performance testing
Quality assurance

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.