Securing Data in the Cloud


A multitude of factors is leading asset manager to adopt and deploy cloud-based technology for running their infrastructure, cost savings and backup/recovery chief among them.

The cloud outsourcing model, which comes in a variety of favors—Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS)—enables hedge funds and other asset managers to leverage a shared IT platform at a fraction of the cost of maintaining one in house.

In terms of information security, clouds present certain challenges, which tend to fall into two broad categories: Security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers.

“Many people really do not distinguish between public clouds and the private clouds,” said Grigoriy Milis, chief technology officer of Richard Fleischman & Associates, which provides technology services to hedge funds. “What they need to understand is that a public cloud solution cannot achieve the same amount of security that can be achieved in the private cloud.

Grigoriy Milis, Richard Fleischman & Associates

Grigoriy Milis, Richard Fleischman & Associates

The main reason is that the public cloud solution, quite often, really doesn’t pay as much attention to security, and also doesn’t carry as many security SLAs as the private cloud solution would.

Hedge funds are typically agile, and require robust technology. Using the cloud, hedge funds can implement applications very fast with low capital expense, and it allows them to change applications quickly.

The challenges of securing data in the cloud are similar to the challenges with securing data within one’s own data center. “You’ve got to have good network controls,” said Bryan Doerr, CEO of Observable Networks. “You’ve got to have good security practice around how devices get on and off the network. From that perspective they are similar.”

Where they start to diverge is that the cloud now needs to be connected to your data center and also needs to be connected to the corporate network, so that end-users can access it. “It’s an example of the notion that a well-defined perimeter, with very specific and controlled access points, gets much more complicated with each new node that you introduce into that network,” said Doerr. “The dissolution of this well-defined perimeter persists as a problem.”

The Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing, has launched a Software Defined Perimeter (SDP) initiative, which defines an architecture to create highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.

SDP has many use cases, from incorporating BYOD mobile and new generations of devices into enterprise networks, to creating robust virtual private clouds. SDP incorporates security standards from organizations such as NIST and takes inspiration from classified networks implemented at organizations such as the U.S. Department of Defense.

SDP works to mitigate network-based attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated and authorized, according to CSA. By making networks “black,” or invisible to devices by default, several types of network attacks are mitigated.

“When selecting a cloud provider, it’s very important for the hedge funds to understand, ‘How does this cloud provider achieve multi-tenancy? How is the data of different funds being segregated? How is the data on different clouds being protected?’” said Milis.

Consumer grade cloud services like cloud file-sharing services are popular because they’re inexpensive. However, they really do not provide the same level of security in data segregation that the private clouds provide, Milis said.

Cloud providers are getting better at introducing security capabilities. “Early versions of cloud infrastructure were less securable,” said Doerr. “The cloud provider, whoever it might be, may not have provided you with the latitude that you had in your own data center to deploy security approaches. Then you were stuck really with the security that the cloud provider enabled for you. As time has gone on, we’re getting better and better.”

Featured image via DFC

Related articles

  1. ICE CRED provides carbon credit markets with a reliable and rigorous reference data service.

  2. From The Markets

    FIA Launches ETD Tracker

    Online tool displays data on the trading of exchange-traded derivatives.

  3. Under the new agreement, TNS can deliver TASE market data globally.

  4. The first phase of the rewrite was originally due to be implemented in May 2022.

  5. The new benchmarks, with Uniswap launched this year, capture 40% of value in DeFi protocols on Ethereum.