The main obstacle hindering mass adoption of cloud computing is the accompanied security issue. Cloud technology is the next milestone in data storage after web applications, client servers and main frame.
Many have resorted to cloud computing model by sending out moderately important data through public servers to test the waters. For high security data, many evolved security measures are undertaken. Even though the adoption of cloud computing is skeptical, its use and utility offers unmatched user advantage in large business organizations for consolidation and easy access to common data.
There are set questions that need to be asked by those considering the employment of cloud applications. These questions encircle the security measures and the application of cloud services. Answering them will give you a better perspective of adopting the model right for you: public, private or hybrid. The questions are:
Employing a cloud model translates to no control over the data, environment and the people accessing it. Sometimes this may prove to be an advantage and many a times a disadvantage. The cloud applications that offer complete transparency, integration with the existing system and advanced reporting reduces the chances of security breach. Those applications with rigid and un-modifiable security measures up the risk. In the end, the selection of security measures depends on the sensitivity of the data stored.
Look at the shift to cloud computing as an alibi to improve your security measures. New security models cannot be created but the existing ones are modified to accommodate additional platform. Policy modification requires a clear justification on the type of data stored, the protection of the data, access to the data, service agreements and regulations compliance.
While designing the required security measures for the cloud, it is important to address how to handle a probable breach? This critical aspect is handled on a client-to-client basis. Policies governing breach notifications or regulations must be met. Ensuring that the cloud provider supports notification requirements should the need arise is imperative.
Data security is a shared responsibility. Ultimately the company collecting the data and not the cloud provider is held responsible for securing the information. If the contract is well negotiated and fool-proof, the responsibility is shared, but from a customer’s perspective, the responsibility is solely yours and not the cloud provider’s.
How to ensure that only appropriate data is moved into the cloud? Do cloud companies adhere to any security standards and best practices (WS-Trust, ISO, SAML or others)?
To understand how to move data, first we must segregate which data is sensitive and build an appropriate security model based on applications and data. This process begins before considering cloud deployment and is crucial for good security. Data leakage protection technology is adopted by many companies to tag and classify data.
Interoperability between applications is important to ensure that cloud will not morph into propriety security silos. The Cloud-standards.org wiki lists out most of the standards practiced in cloud including associated security measures.
Providing this information directly influences the organizations ability to comply with specific regulations. Transparency is very important to make informed decisions. Many factors come into play while considering the trustworthiness of a provider. The questions asked is similar to those when considering an outsourced project, such as vulnerability procedures, SLA’s, contract type, maturity of the service provider, their track record and forward looking strategy.
Change is often looked at with suspicion. Moving to cloud computing is no different. You must weigh in all informed pros and cons. Listed above is just a mere glance on the subject. The answer to these questions will lead to more questions.Bottom of Form