Dark security clouds are gathering above what has been termed “cloud computing”– the resourceful Software as a Service (SaaS) model that provides applications, memory space and other services to companies who need them. The introduction of cloud computing saw rave reviews for this storage and administration model, with pundits calling it the next paradigm shift in the world of computing. The silver lining that shone so bright a year or so ago has now dimmed to invisible levels, and people are wising up to the security issues that go hand in hand with cloud computing.
Protecting your information on your own systems is a task that’s hard to manage even with the best of resources, and so, it makes sense to turn to the big guns like IBM, Google, Amazon, Dell and others when you’re a fledgling in the security department. You believe that they have the wherewithal to provide adequate protection for your data and applications. But the attack on Amazon’s cloud servers sometime during the middle of 2008 has turned the tide, and security has become a huge concern again.
Research firm Gartner lists these factors among the top security concerns in cloud computing –
- user access to data and information
- compliance with regulations
- location of the data
- the encryption used at every level
- recovery measures in the event of a security breach
- investigative support
- long-term viability of the agreement between the provider and the user.
The biggest security concern with cloud computing is the issue of trust:
- How do you know for certain that the key people who manage your data and applications on the cloud are completely trustworthy?
- Who else besides you has access to sensitive information?
If an MP3 player bought at a thrift store for a mere $9 is found to hold secret military information, it means that the Pentagon’s security system itself is a serious cause for concern. If a question mark hangs over something as important as national security, how safe is the information belonging to the rest of us?
Another issue that looms large when we consider cloud computing is the fact that we’re putting all our eggs in one basket. Hackers know that if they’re able to render one cloud vulnerable, they can have a field day – they can bring down a host of sites and steal a ton of information. It’s like bringing down an entire world with just one humongous weapon.
Besides this, there’s also the fact that data storage is not standardized – each provider of cloud computing services has its own formats and standards, and this makes it more difficult to switch to a different host when you feel that your current provider has been compromised.
These are the early days of cloud computing, and I’m sure many more security concerns will emerge out of the woodwork as the days go by and hackers try new tricks to gain entry into these networks. The only silver lining in these dark clouds is that there is always some brainstorming going on as to how to keep one step ahead of the bad guys and protect sensitive data and applications.
Contributed by guest blogger - Holly McCarthy, who writes on the subject of Criminal Justice careers. She invites your feedback at hollymccarthy12 at gmail dot com
ShortInfosec thanks for the contribution.
Talkback and comments are most welcome
Cloud Computing - Premature murder of the datacenter
Labels: information security