Cloud computing in the 21st century promises to be what electricity was in the 20th century; cheap, plentiful and always available to compute resources to fulfill your every need. With any new technological advance however, there are always risks which could be exploited by those with malicious intent.
If you’re fortunate enough to have the resources within your organization to build and operate your internal private cloud, most of these risks would have been mitigated already as you still retain an element of control. Many other businesses are not in this position however, especially those in the small and medium sized sector, who are shredding documents to move to the cloud.
All of the security concerns we’ll be discussing below are not deal-breakers as such; the benefits of the cloud far outweigh any data security risks entailed in the transition to utility computing. As a decision maker, however, it is important to think about these issues before securely shredding everything and embarking on cloud migration, and finding out from prospective cloud providers how they will safeguard your data operations should be a key deciding factor on choosing your public cloud provider.
Data storage
Data should be securely encrypted when on your cloud provider’s servers, and also when in use and being processed by the cloud service. Forrester, a leading technology market research company, warns that few providers are currently able to guarantee data security and protection whilst it is being used within the application, and also what they do with the data after processing is complete.
Data transfer
Communications over the internet must be secured in any cloud transaction. On a browser, look for the “https” URL header when you connect to your cloud provider. In addition, always ensure traffic is authenticated and encrypted using industry standard protocols, developed specifically to secure internetworking, such as the Internet Security Protocol (IPSec).
Secure APIs
Also be aware of the software interfaces or application programming interfaces (APIs) that are employed in cloud services. The Cloud Security Alliance (CSA), an industry trade group, recommends learning about how your cloud provider integrates security throughout its offering, spanning activities such as monitoring and alerting services, data authentication and access control techniques.
Access control and data separation
You no longer have any personnel controls over people that have access to your data stored on the cloud provider’s servers. Make sure you consider the sensitivity of such data first to make sure that it is appropriate for release into the cloud. Gartner, a leading technology research and advisory company, also suggests asking for profiles of people who manage your data and the level of access they have.