TEA Blog


As more companies begin to explore the benefits of cloud computing, it was found that this solution had the potential to:

  • Reduce costs

  • Provide more flexibility

  • Reduce IT management of hardware and data

  • Reduce management of web applications through automated updates

  • Provide greater storage capacity

While the advantages of a cloud solution are evident, there are many who also have been quick to point out the fact that there are plenty of security concerns one faces when considering moving to the cloud.


The debate as to how secure moving applications and data to the cloud is such an area of concern that the topic consumed much of the discussion at the 2009 RSA conference. These ongoing debates have sparked a number of security experts to identify a number of threats to cloud computing to include;


Moving data to the cloud requires a great deal of trust in the host since they are essentially housing all of your data. If they fail to put adequate security controls in place between the client and data, a number of attacks can be used to compromise sensitive information. SQL Injection attacks, compromised servers, and session hijacking can all lead to cyber criminals harvesting your data on someone else's watch.


While this is also noted as one of the benefits cloud computing, it can also cause problems. As web applications grow in popularity, more companies rely on them as an integral part of how they do business. Moving these applications to the cloud should mean that the management of these apps is taken care of, but this usually means automated updates, not complete security. In fact, George Reese stated in his article, Twenty Rules for Amazon Cloud Security - "Above all else, write secure web applications."

The fact is, while your cloud provider may handle necessary updates of your software, they are not going to review your code for potential vulnerabilities; make sure your input and output validated, escaped, and filtered; and that your application is protected against other methods of exploiting common threats like Cross-Site Scripting.


The very nature of the cloud means that resources are shared as they are needed. Traditional perimeter security in the cloud doesn't work in the same way. For instance, using Amazon's Web Services you may find yourself restricted when it comes to checking logs and deploying tools like traffic sniffers and intrusion detection systems. Essentially, not your perimeter so the way you used to protect it has changed. Some terms of service even prevent you from running vulnerability scans making it virtually impossible to perform a code review. For PCI compliance, this can present a major problem.


Even though data and applications running in the cloud are exposed to a number of security threats, a strong push industries such as healthcare and , as well as support from Google, IBM, Amazon, and other IT powerhouses, means that solutions to these security related problems need to be identified.

One way to protect against threats to your web applications and data is to deploy a Web application Firewall as a software solution. No additional hardware is required on the part of the cloud provider and in can be installed directly in front of your applications.

When deployed correctly, a Web Application Firewall protects your web applications from known threats including:

  • Path Traversal

  • Known worms

  • Remote Command Execution

  • Probes

  • Denial of Service attacks

  • Compromised servers

Web application Firewalls also take traditional security much further. By performing a deep inspection of traffic on the web service layers they are able to stop threats that intrusion detection and prevention systems often miss.


attack the most vulnerable , and they attack the biggest possible pool of victims they can. As more IT departments are forced to scale back, cost saving initiatives like cloud computing become even more attractive.

While cloud computing provides managed services, you are still responsible for compliance. No provider will assume this responsibility for you simply because they are managing your applications and data. In order to comply with regulations like PCI DSS, HIPPA, SOX, and the many others it is essential that security one of the most important factors when making the decision to move to the cloud.

By acting as a Security-as-a-Service solution, is able to provide protection to web servers whether the admin has an extensive background in security or just a minimal amount of knowledge on the subject. In just 10 clicks, a web administrator with no security training. Its predefined rule set offers protection that can be easily managed through a browser-based interface with virtually no impact on your web sites performance.

Architected as plug & play software provides optimal out-of-the-box protection against DoS threats, Cross-Site Scripting, SQL Injection attacks, path traversal and many other web attack techniques.

The reasons to a comprehensive security solution to your web application security hosted in the cloud are:

  1. Strong security against known and emerging hacking attacks even zero-day vulnerabilities can be stopped before they exploit your .

  2. Best-of-breed predefined security rules for instant protection.

  3. Interface and API for managing multiple servers with ease. This works especially well with multiple virtual servers in the cloud.

  4. Requires no additional hardware, and easily scales with your business. Your cloud provider is not required to do anything. The software can be easily installed by your staff without the need for additional support from your cloud provider.

ARTICLE SOURCE: This factual content has not been modified from the source. This content is syndicated news that can be used for your research, and we hope that it can help your productivity. This content is strictly for educational purposes and is not made for any kind of commercial purposes of this blog.