Is cloud computing safe computing?
Corporate entities cutting across scale and verticals can be heard discussing a curious topic, a topic that evinces both interest and as they say alarm in some quarters. And the topic is none other than “cloud computing”, which seems to have taken IT management world by a storm.
It appeals to C level executives, since implementing it seems to mean that they don’t have to spend more on data storage or server maintenance. Although online data storage has been in vogue as long as the internet, it has got a big push of late.
It’s natural that people would put questions about the credentials before adopting a new technology howsoever effective it might be. And in this case, the pivotal question centres around one single point and that is ‘data security’. However, It doesn’t cloud my consideration when I see a techy or a CIO baiting big on data security by way of switching to the cloud technology.
Different People and organizations tend to question:” Should we shift to the cloud? Is it safe? What ROI should we be getting if we shift?
Well, the perview of the debate would restrict us only to the safety aspect here.
The basis of cloud computing is that information is stored online somewhere. You can access it whenever you like, from any computer. This is the reason why it appeals to companies out in the haunt for ideas to reduce their storage costs. Online data storage looks to be a reasonable alternative to expensive servers for storage, keeping IT person(s) to manage it, and extra bucks to fork out for security policies etc. and, of course, stock-taking of the ROI.
The Cloud also can serve as an excellent haven for your favorite pics and music, something even the greatest of all cloud-sceptics won’t deny.
However, when it comes to personal information that a business would have to maintain on their clients and customers, it throws a serious issue to the debate dais.
To start with, skeptics would say we don’t have any clear idea about where the data is being stored. That we are handicapped about the first idea what the data security will be like. If it’s a corporate server farm, it could be reasonably good, or it may not be good. Data security. What they never speak to you is that, on the first level, data security is about physically protecting the hardware that chambers the data.
Not just that, they try to obliviate the fact that your data on the LAN is highy prone to phising attacks despite having in place the most potent anti-spam, anti-virus installed on the network and individual machines. When something happens, we learn to live with it while keep searching for more secure means to protect data.
On the other hand cloud computing is governed by sound cyber law and ensures such a potent flexible, any time, any moment availability of business-critical data, extending numerous benefits on its clients: a data center, controlled by a vendor, access to employees to share, edit, store and play files over the Internet from any location in the world. Google’s Gmail, Apps, Docs and Sites are all forms of cloud computing. However you choose to define it, cloud computing will reshape the way you work.
The argument on the safety of the servers is not ill-founded. Yet what we lose sight of is that on closer inspection, the more severe concern isn’t about the servers, but the people who access them on a daily basis. Thus, to best guard the information is to keep vigil on the handlers of the data.
In similar vein, a bigger question about the safety of the Cloud is about ‘whom the consumer can hold accountable for the security of their personal information’. Cyber law underlines guidelines for companies that maintain personal information, viz, how it must be protected, how it is used, and how it can be destroyed, and, more important, provision for penalties for failure to protect the information. The law has provisions for ensuring any third party – that the company gives information to –to protect it as the company would have done. Thus, there are legal provisions in place to ensure safety too, although nobody can claim it’s 100% cyber attack-proof.
Once an organization reaches maximum capacity on the number of users or file storage capabilities, an outside vendor will serve them better. Then, the business model morphs into a pay-as-you-grow type. It can increase capacity or add capabilities on the fly, based on its needs. It allows for responding quickly to sudden market changes. The cloud takes care of itself, provided people know how to use it. It allows businesses to focus on their core areas.
Trust has come to be the greatest accelerator in cloud computing’s growing adoption. When cloud applications get beyond simple metrics to delivering insights and useful intelligence on secured platforms, it is winning more and more CIO’s trust.
Recently, even Microsoft have jumped on the cloud computing bandwagon, since cloud-based services generated over $68 billion last year and is projected to hit around $150 billion by 2014.
The recent Cloud computing outages such as Amazon’s, or security snafus such as the Sony story have dealt some beating to cloud computing. But what about the thousands of computing failures that happen on a daily basis in companies of all sizes? Yes, cloud computing is fallible, but exactly in the same way as any computing system, regardless of where it’s located.
So why abandon motoring altogether just because your grandpa had met a fatal accident?
In today’s evolving information economy, where companies are facing severe pressure to reduce cost and conserve cash to face market uncertainties, cloud computing offers an immense opportunity to IT departments to convert fixed costs to variable costs and conserve cash.
But as we are aware too much of good things are not good, hence cloud computing also brings some amount of threats and challenges to the organizations.
Security ranks right at the top of the list of challenges irrespective of whether a company has started it cloud journey,planning to start one, or evaluating cloud as a viable alternatives,and in many cases these concerns are justified.
In one of its publications, Cloud Security Alliance has pointed out some most critical and important security challenges for cloud adoption. The alliance stated that cloud computing can be abused most nefariously in many ways. The abuses cited included Computing Insecure Application Programming Interfaces, Malicious Insiders, Shared Technology Vulnerabilities, Data Loss/Leakage, and Account, Service & Traffic Hijacking and Unknown Risk Profile.
Let us discuss how these things affect an enterprise in its cloud journey.
Hackers and unethical users continue to leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their unlawful activities. Though most of the cloud services providers provide the option of stricter security norms and advance tools, many cases enterprise IT departments do not apply those norms and tools to increase ease of use.
Organizations need to adopt stricter initial registration and validation processes, comprehensive introspection of customer network traffic and a process for auditing the security breaches in the applications to ensure that application programming interfaces are secure.
The threat of a malicious insider is one of the most known threats for IT security. This threat is amplified for cloud deployment by the convergence of internal access, easier deployment method, and consummerization of IT.
The malicious insiders can have severe impact on an organization, given their level of access and ability to infiltrate organizations and assets.
IaaS vendors deliver their services in a scalable way by sharing infrastructure. Often, the underlying components that make up this infrastructurewere not designed to offer strong isolation properties for a multi-tenant architecture. To manage this threat, organizations need to evaluate the IaaS providers properly and should take help of experts system integrators in this evaluation.
Insufficient policies and implementation of authentication, authorization, and audit (AAA) controls; inconsistent use of encryption and software keys, along with data center reliability; and disaster recovery, pose a major data theft and data loss challenge. Organizations need to have a stronger mechanism for formulating policies as well as for proper implementation of these policies to manage this challenge.
Account and service hijacking, usually with stolen credentials, remains a top threat for cloud implementation. Confidentiality, integrity and availability of cloud based services can be compromised using these stolen credentials. Organizations need to be aware of these techniques device proper strategies to thwart these attacks and contain the damage in case of a breach.
We can understand from the above discussion that though there are certain risks associated with cloud deployment, these risks can be mitigated by devising and implanting proper IT policies.