Post Debate
In the opinion of the house...
Vote:
18%
82%

Is cloud computing safe computing?

1st April 2013 | By Mouseworld Now Correspondent | 1 Comment
In White
For the Motion
Santaram Mishra
Senior Business Analyst, Blue Cross Blue Shield, Washington DC, USA
In Gray
Against the Motion
Somenath Nag
Director – Business Development and Marketing, Alten Calsoft Labs

Corporate entities cutting across scale and verticals can be heard discussing a curious topic, a topic that evinces both interest and as they say alarm in some quarters. And the topic is none other than “cloud computing”, which seems to have taken IT management world by a storm.

It appeals to C level executives, since implementing it seems to mean that they don’t have to spend more on data storage or server maintenance. Although online data storage has been in vogue as long as the internet, it has got a big push of late.

It’s natural that people would put questions about the credentials before adopting a new technology howsoever effective it might be. And in this case, the pivotal question centres around one single point and that is ‘data security’. However, It doesn’t cloud my consideration when I see a techy or a CIO baiting big on data security by way of switching to the cloud technology.

Different People and organizations tend to question:” Should we shift to the cloud? Is it safe? What ROI should we be getting if we shift?

Well, the perview of the debate would restrict us only to the safety aspect here.

The basis of cloud computing is that information is stored online somewhere. You can access it whenever you like, from any computer. This is the reason why it appeals to companies out in the haunt for ideas to reduce their storage costs.  Online data storage looks to be a reasonable alternative to expensive servers for storage, keeping IT person(s) to manage it, and extra bucks to fork out for security policies etc. and, of course, stock-taking of the ROI.

The Cloud also can serve as an excellent haven for your favorite pics and music, something even the greatest of all cloud-sceptics won’t deny.

However, when it comes to personal information that a business would have to maintain on their clients and customers, it throws a serious issue to the debate dais.

To start with, skeptics would say we don’t have any clear idea about where the data is being stored. That we are handicapped about the first idea what the data security will be like. If it’s a corporate server farm, it could be reasonably good, or it may not be good. Data security. What they never speak to you is that, on the first level, data security is about physically protecting the hardware that chambers the data.

Not just that, they try to obliviate the fact that your data on the LAN is highy prone to phising attacks despite having in place the most potent anti-spam, anti-virus installed on the network and individual machines. When something happens, we learn to live with it while keep searching for more secure means to protect data.

On the other hand cloud computing is governed by sound cyber law and ensures such a potent flexible, any time, any moment availability of business-critical data, extending numerous benefits on its clients: a data center, controlled by a vendor, access to employees to share, edit, store and play files over the Internet from any location in the world. Google’s Gmail, Apps, Docs and Sites are all forms of cloud computing. However you choose to define it, cloud computing will reshape the way you work.

The argument on the safety of the servers is not ill-founded. Yet what we lose sight of is that on closer inspection, the more severe concern isn’t about the servers, but the people who access them on a daily basis. Thus, to best guard the information is to keep vigil on the handlers of the data.

In similar vein, a bigger question about the safety of the Cloud is about ‘whom the consumer can hold accountable for the security of their personal information’. Cyber law underlines guidelines for companies that maintain personal information, viz, how it must be protected, how it is used, and how it can be destroyed, and, more important, provision for penalties for failure to protect the information. The law has provisions for ensuring any third party – that the company gives information to –to protect it as the company would have done. Thus, there are legal provisions in place to ensure safety too, although nobody can claim it’s 100% cyber attack-proof.

Once an organization reaches maximum capacity on the number of users or file storage capabilities, an outside vendor will serve them better. Then, the business model morphs into a pay-as-you-grow type. It can increase capacity or add capabilities on the fly, based on its needs. It allows for responding quickly to sudden market changes. The cloud takes care of itself, provided people know how to use it. It allows businesses to focus on their core areas.

Trust has come to be the greatest accelerator in cloud computing’s growing adoption. When cloud applications get beyond simple metrics to delivering insights and useful intelligence on secured platforms, it is winning more and more CIO’s trust.

Recently, even Microsoft have jumped on the cloud computing bandwagon, since cloud-based services generated over $68 billion last year and is projected to hit around $150 billion by 2014.

The recent Cloud computing outages such as Amazon’s, or security snafus such as the Sony story have dealt some beating to cloud computing. But what about the thousands of computing failures that happen on a daily basis in companies of all sizes?  Yes, cloud computing is fallible, but exactly in the same way as any computing system, regardless of where it’s located.

So why abandon motoring altogether just because your grandpa had met a fatal accident?

In today’s evolving information economy, where companies are facing severe pressure to reduce cost and conserve cash to face market uncertainties, cloud computing offers an immense opportunity to IT departments to convert fixed costs to variable costs and conserve cash.

But as we are aware too much of good things are not good, hence cloud computing also brings some amount of threats and challenges to the organizations.

Security ranks right at the top of the list of challenges irrespective of whether a company has started it cloud journey,planning to start one, or evaluating cloud as a viable alternatives,and in many cases these concerns are justified.

In one of its publications, Cloud Security Alliance has pointed out some most critical and important security challenges for cloud adoption. The alliance stated that cloud computing can be abused most nefariously in many ways. The abuses cited included Computing Insecure Application Programming Interfaces, Malicious Insiders, Shared Technology Vulnerabilities, Data Loss/Leakage, and Account, Service & Traffic Hijacking and Unknown Risk Profile.

Let us discuss how these things affect an enterprise in its cloud journey.

Hackers and unethical users continue to leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their unlawful activities. Though most of the cloud services providers provide the option of stricter security norms and advance tools, many cases enterprise IT departments do not apply those norms and tools to increase ease of use.

Organizations need to adopt stricter initial registration and validation processes, comprehensive introspection of customer network traffic and a process for auditing the security breaches in the applications to ensure that application programming interfaces are secure.

The threat of a malicious insider is one of the most known threats for IT security. This threat is amplified for cloud deployment by the convergence of internal access, easier deployment method, and consummerization of IT.

The malicious insiders can have severe impact on an organization, given their level of access and ability to infiltrate organizations and assets.

IaaS vendors deliver their services in a scalable way by sharing infrastructure. Often, the underlying components that make up this infrastructurewere not designed to offer strong isolation properties for a multi-tenant architecture. To manage this threat, organizations need to evaluate the IaaS providers properly and should take help of experts system integrators in this evaluation.

Insufficient policies and implementation of authentication, authorization, and audit (AAA) controls; inconsistent use of encryption and software keys, along with data center reliability; and disaster recovery, pose a major data theft and data loss challenge. Organizations need to have a stronger mechanism for formulating policies as well as for proper implementation of these policies to manage this challenge.

Account and service hijacking, usually with stolen credentials, remains a top threat for cloud implementation. Confidentiality, integrity and availability of cloud based services can be compromised using these stolen credentials. Organizations need to be aware of these techniques device proper strategies to thwart these attacks and contain the damage in case of a breach.

We can understand from the above discussion that though there are certain risks associated with cloud deployment, these risks can be mitigated by devising and implanting proper IT policies.

Opinion

January 30th, 2016 at 12:16 am

According to the CLOUD SECURITY ALLIANCE. the top three threats in the cloud are “Insecure Interfaces and API’s”, “Data Loss & Leakage”, and “Hardware Failure” which accounted for 29%, 25% and 10% of all cloud security outages respectively—together these form shared technology vulnerabilities. In a cloud provider platform being shared by different users there may be a possibility that information belonging to different customers resides on same data server. Therefore, Information leakage may arise by mistake when information for one customer is given to other. Additionally Eugene Schultz,the chief technology officer at Emagined Security, said that hackers are spending substantial time and effort looking for ways to penetrate the cloud. “There are some real Achilles’ heels in the cloud infrastructure that are making big holes for the bad guys to get into”. Because data from hundreds or thousands of companies can be stored on large cloud servers, hackers can theoretically gain control of huge stores of information through a single attack—a process he called “hyperjacking”. Some examples of this include the Dropbox security breach, and iCloud 2014 leak. Dropbox had been breached in October 2014, having over 7 million of its users passwords stolen by hackers in an effort to get monetary value from it by Bitcoins (BTC). By having these passwords, they are able to read private data as well as have this data be indexed by search engines (making the information public.
There is the problem of legal ownership of the data (If a user stores some data in the cloud, can the cloud provider profit from it?). Many Terms of Service agreements are silent on the question of ownership.
Physical control of the computer equipment (private cloud) is more secure than having the equipment off site and under someone else’s control (public cloud). This delivers great incentive to public cloud computing service providers to prioritize building and maintaining strong management of secure services.Some small businesses that don’t have expertise in IT security could find that it’s more secure for them to use a public cloud.
There is the risk that end users don’t understand the issues involved when signing on to a cloud service (persons sometimes don’t read the many pages of the terms of service agreement, and just click “Accept” without reading). Fundamentally private cloud is seen as more secure with higher levels of control for the owner, however public cloud is seen to be more flexible and requires less time and money investment from the user.
Due to being in a stage of infancy, it still has some pitfalls which need to be given proper attention to make cloud computing services more reliable and user friendly.

A cloud is called a “public cloud” when the services are rendered over a network that is open for public use. Public cloud services may be free. Technically there may be little or no difference between public and private cloud architecture, however, security consideration may be substantially different for services (applications, storage, and other resources) that are made available by a service provider for a public audience and when communication is effected over a non-trusted network. Generally, public cloud service providers like Amazon AWS, Microsoft and Google own and operate the infrastructure at their data center and access is generally via the Internet.
Proponents claim that cloud computing allows companies to avoid upfront infrastructure costs, and focus on projects that differentiate their businesses instead of on infrastructure Proponents also claim that cloud computing allows enterprises to get their applications up and running faster, with improved manageability and less maintenance, and enables IT to more rapidly adjust resources to meet fluctuating and unpredictable business demand. Cloud providers typically use a “pay as you go” model. This can lead to unexpectedly high charges if administrators do not adapt to the cloud pricing model.
-

Mouseworldnow Videos
  • r chandrashekhar president nasscom
  • Anant Maheshwari, President, Microsoft India
  • Suresh_Vaswani-220 by 220

Channel News

  • Second Edition of Annual 4.5G & 5G Innovation Summit concludes on a successful note more...
  • Wydr launches India Wholesale E-Fair more...
  • Snapdeal clocks record 3x growth in Kids Category more...
  • Paytm ensures 100% security for users’ identity in Money transfers more...
  • HP Rolls out Four New PageWide Web Presses more...
Subscribe via email

Enter your email address:

Follow us on Facebook
QUESTION HOUR
What does the mouse ask?

Will the spurt in online video advertisement steal the twinkle from the TV ad platform?

View Results

Loading ... Loading ...
Newsletter Registration