Security Concerns Cloud “Cloud Computing”

Dark security clouds are gathering above what has been termed “cloud computing”– the resourceful Software as a Service (SaaS) model that provides applications, memory space and other services to companies who need them. The introduction of cloud computing saw rave reviews for this storage and administration model, with pundits calling it the next paradigm shift in the world of computing. The silver lining that shone so bright a year or so ago has now dimmed to invisible levels, and people are wising up to the security issues that go hand in hand with cloud computing.

Protecting your information on your own systems is a task that’s hard to manage even with the best of resources, and so, it makes sense to turn to the big guns like IBM, Google, Amazon, Dell and others when you’re a fledgling in the security department. You believe that they have the wherewithal to provide adequate protection for your data and applications. But the attack on Amazon’s cloud servers sometime during the middle of 2008 has turned the tide, and security has become a huge concern again.

Research firm Gartner lists these factors among the top security concerns in cloud computing –

  • user access to data and information
  • compliance with regulations
  • location of the data
  • the encryption used at every level
  • recovery measures in the event of a security breach
  • investigative support
  • long-term viability of the agreement between the provider and the user.

The biggest security concern with cloud computing is the issue of trust:
  1. How do you know for certain that the key people who manage your data and applications on the cloud are completely trustworthy?
  2. Who else besides you has access to sensitive information?

If an MP3 player bought at a thrift store for a mere $9 is found to hold secret military information, it means that the Pentagon’s security system itself is a serious cause for concern. If a question mark hangs over something as important as national security, how safe is the information belonging to the rest of us?

Another issue that looms large when we consider cloud computing is the fact that we’re putting all our eggs in one basket. Hackers know that if they’re able to render one cloud vulnerable, they can have a field day – they can bring down a host of sites and steal a ton of information. It’s like bringing down an entire world with just one humongous weapon.

Besides this, there’s also the fact that data storage is not standardized – each provider of cloud computing services has its own formats and standards, and this makes it more difficult to switch to a different host when you feel that your current provider has been compromised.

These are the early days of cloud computing, and I’m sure many more security concerns will emerge out of the woodwork as the days go by and hackers try new tricks to gain entry into these networks. The only silver lining in these dark clouds is that there is always some brainstorming going on as to how to keep one step ahead of the bad guys and protect sensitive data and applications.

Contributed by guest blogger - Holly McCarthy, who writes on the subject of Criminal Justice careers. She invites your feedback at hollymccarthy12 at gmail dot com

ShortInfosec thanks for the contribution.

Talkback and comments are most welcome

Related posts
Cloud Computing - Premature murder of the datacenter

8 comments:

Chameleon said...

Most interesting information, thoughtfully presented. I've never been terribly comfortable with the concept of "cloud computing" - I like things on my own computer and my own server. Your post puts my discomfort into clearer perspective. Yes, giving hackers a big target to aim at practically begs for big trouble.

L. Venkata Subramaniam said...

Very useful. I am beginning to explore the area of cloud computing. I still cannot figure out what is different from grid computing or cluster computing.

In terms of security. I believe google may be running a cloud. Isnt good data well protected?

L. Venkata Subramaniam said...

I meant isnt google data well protected. They are the most accessed site today.

indiaprab said...

such a nice post....
subscribed..

saunan said...

I like it u blog friend and real SSmile 4 u today, SSmile back too

ibdragon said...

Data security is pretty much an oxymoron. Recognize that the profit incentive impacts everyone who has your data. How can we trust a data security pledge from any corporate entity when business ethics too is an oxymoron? With that in mind, you may want to evaluate what data you put in your profiles on any social site.

Prem Godara said...

Data availability might be big issue in cloud computing. Today we saw Gmail down for around four hours. Google termed it as small issue in database but who knows. In case, if you need your data urgently and u r not even able to access your own data then whats the use. On long term basis, will it be cost effective because in my country i pay around 35 dollars/month for internet. If you buy a new system, it will cost me around 200 dollars which i can use for many years. I feel on long term its not cost effective too. whats other people's say?

swagat said...

CSO at Zynga & Co-founder of Cloud Security Alliance, Nils Puhlmann will provide an overview of where we are today and what areas of cloud security are actively being worked on in the industry at the third season of Business Technology Summit 2o1o in Bangalore. Further he will discuss about the specific risk and threat areas and how can they be mitigated? What other security efforts are underway in the industry to ensure that security is a key part of every cloud offering? For more information log on to www.btsummit.com

Designed by Posicionamiento Web