Sunday, June 30, 2013

Cloud Computing Security Risks

Cloud computing is increasingly popular with large companies because it lets them share valuable resources in a cost-effective way. At the same time, leaks and thefts are occurring with increased frequency.

Cloud computing is a paradigm rapidly being embraced by government and industry as a solution for cost-savings, scalability, and collaboration. Cloud computing offers real alternatives to IT departments for improved flexibility and lower cost.

The technology is of course not without its flaws. One of the main issues is security. Cloud computing and web services run on a network structure, so they are open to network-based attacks. One of these is the distributed denial-of-service attack.

According to analyst firm Gartner, cloud computing is fraught with security risks. Customers must demand transparency, avoiding vendors that refuse to provide detailed information on security programs. Ask questions related to the qualifications of policy makers, architects, coders and operators; risk-control processes and technical mechanisms; and the level of testing that's been done to verify that service and control processes are functioning as intended, and that vendors can identify unanticipated vulnerabilities.

The 3 main aspects of cloud computing are software as a service, platform as a service and infrastructure as a service. Here are seven of the specific security issues Gartner says customers should raise with vendors before selecting a cloud vendor:
  1. Privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical and personnel controls" IT shops exert over in-house programs. Get as much information as you can about the people who manage your data. "Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access."
  2. Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are "signaling that customers can only use them for the most trivial functions."
  3. Data location. When you use the cloud, you probably won't know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers.
  4. Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. "Find out what is done to segregate data at rest." The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists.
  5. Recovery. Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. Ask your provider if it has "the ability to do a complete restoration, and how long it will take."
  6. Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing. Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible.
  7. Long-term viability. Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event. "Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application."

Conclusion:
Cloud computing technology has improved and network technology has also improved, so a real golden opportunity exists for the future. Each cloud solution must, however, be tailored to each company, but they can all benefit from the numerous advantages the technology brings to the table.

By embracing a new ecosystem of cloud-based security solutions, businesses can safely extend their virtual security perimeter while still complying with privacy regulations.

Source: http://www.idi.ntnu.no/emner/tdt60/papers/Cloud_Computing_Security_Risk.pdf
