A discussion on the security of digital archives and electronic document storage took place in Tula as part of the 3rd Interregional Conference on Information Security and Information Interaction in the Central Federal District.
Konstantin Ganeev, Deputy Director for the Modern and Prospective Mobile Communication Networks Department of the High-Tech Project Office of the Digital Economy ANO, noted that despite the security issues with cloud services and the fact that some of them can “turn into a brick” at any moment, their popularity in the business environment is growing.
"In many cases, there is no alternative to this approach. If we take enterprises with geographically distributed resources, it is much more cost-effective for them to use cloud tools than to buy software or hardware systems for each branch or location," Konstantin Ganeev gave an example.
At the same time, according to him, while some of the security problems with cloud services have already been solved - for example, data decrypted in RAM is also encrypted "on the fly" - vulnerabilities in the infrastructure remain.
"The classic threat model is vulnerabilities in operating systems, modules, components and protocols, the protection of which is solved by installing firewalls, anti-virus protection tools and other components. The second type of attack is associated with the multi-layered nature of the cloud, so each part must use its own means of protection: for a proxy - protection from DDoS attacks, for a web server - page integrity control, for an application server - an application-level screen, for a DBMS - protection from SQL injections. These protective mechanisms have already been created separately, but they are not assembled together for comprehensive protection. Therefore, when creating cloud solutions, it is necessary to solve problems of their integration," noted Konstantin Ganeev.
According to him, given that clients connect to cloud services via a browser, the model considers threats such as password theft, web session interception, "man in the middle" and many others. "The protection is known - it is correct authentication and the use of an encrypted connection. But we all know that there are still many unsolved problems in this area, so there is always scope for companies to operate," added Konstantin Ganeev.
"Yes, there are risks, but clouds can be safe. The world has developed a large base for ensuring cloud security. In Russia, an order was issued that defines the regulatory framework for the requirement to protect data and virtualization tools," he recalled.
Need a rating
Deputy Head of the ICT Department of the Presidential Property Management Department of Russia Ilya Kostunov recalled that cloud technologies, due to their growing popularity, are becoming an object of increased interest from hackers, and personnel errors lead to increasingly negative consequences.
"A year ago, we discussed the creation of a unified PLM system (Product Lifecycle Management: application software created to control the life cycle of manufactured products) to replace Siemens, which left Russia. And one of the mainstream solutions was a cloud PLM system, which is why one half of the hall, representing the defense industry, sat pale, and the other half also had questions, but for some other reasons," recalled Ilya Kostunov. He added that the issue of creating a unified PLM system has not yet been resolved.
According to Ilya Kostunov, one way to improve cloud security could be a provider rating, which could be compiled in a similar way to the rating of credit financial systems. "It seems to me that ANO Digital Economy could take a step in this direction," suggested Ilya Kostunov, adding that the organization could become a provider of such a service.