Cloud Security

by

Whilst researching the subject of, the increasingly popular, cloud computing it became very obvious that the issue of cloud security is a real concern so I felt it appropriate to tackle the issue separately. The reason it was obvious to me is the scale of online talk and articles about the subject and also, using the Google Keyword Tool, it shows that on an exact match basis alone, the two terms – cloud security and cloud computing security are being searched for by 11,000 people a month. Sure that may be some numbers short of the big hitting keywords but it is enough for me to see significant concern.

cloud computing securitycredit

The above image states very clearly the concerns that professionals have. Unfortunately there have been a number of high profile security breaches hitting the headlines and causing much embarrassment. You can do a simple online search or you can read about some of them here, here, here, or here. If you do have a bit of time on your hands you could even try here too!

I have spoken elsewhere about Data Protection and can sum up the problem in just a few points. Firstly most countries have laws protecting such things and you can be subject to legal sanctions for breaching these laws or the responsibilities that you have under them. Secondly your customers and potential customers are increasingly concerned about this issue so, quite simply, will they forgive you if you get it wrong? Lastly it leaves a bloody awful mess and resources in your business have to be diverted away from things like making money, to deal with regulators, angry customers, the press etc. Enough said.

Here are a few articles you should look through:The first one is an easy pick as it has some good and informative graphics from Intel and you can find it here. The graphic at the top of this page is taken from that. You will also see at the bottom a link for the full report but it does not work, however, I’ve managed to find a link that does work and to get the full report click here. Another great report from Intel can be found here. If you find this a little difficult to read if you look to the top right you’ll see that it can be downloaded as a PDF, which you may find easier. The last report is not exactly lightweight; it is 177 pages of authoritative and well researched content. You’ll find it through this link Cloud Security Alliance. When you click through you then need to click on ‘security guidance’ and this will allow you to download the document. Note; that though it does show an opt in this is voluntary only and you can still get the document without opting in.

So what are the concerns with the cloud and, in particular, security? In many respects it is still the same kind of problem that has existed on the internet since day one. There is a lot of data being transferred to and fro into different environments. Some of this data, to a certain degree, is valuable, some extremely valuable and some of it is, frankly, not very exciting at all. In addition you have lots of different people from different parts of the world using different PC’s, tablets and other types of electronic gadgetry that need access to their data at whatever time of the day or night it happens to be. In this situation there is great potential for things to go wrong if people are not smart enough to put measures in place.

In essence the data needs to be held securely, and needs to be protected whilst being transferred in or out of the cloud. Data needs to be partitioned properly so that no one else can access it, and I’m not just talking about hackers here, but other cloud customers too. Measures need to be put in place to ensure the above happens then subjected to constant testing, audit and vigilance.

So how do you ensure that all this is in place? That answer is not straight forward as it depends on what type of business you are and what kind of information you are trying to protect. I should reiterate here also that whatever I suggest has not only got to make sense to you and your business but has also got to satisfy your legal requirements in whichever country you are operating.

If you are a small business and you want to back up some data then you are probably able to get a service like Dropbox. As long as you are dealing with a couple of gigabytes or less you’ll even get it for free, which is a bonus. You will not get many guarantees with this but they do have a good name which they will do their utmost to protect and they also have paid for deals for larger data users, so they do take security seriously as any breach would hit them in the pocket with their fee paying customers. A simple online search will reveal many other businesses offering such a free service too.

For larger customers I would suggest one or more of the following options.

1. Speak to your insurers and ask their advice. As they are the ones who may have to pick up the financial pieces if it goes wrong they are likely to be helpful here
2. Speak to a comparable, but not competing business, and ask them for advice and guidance, simply, what do they do?
3. Speak to the data protection body in your country and ask them (I have listed some of them here)
4. If you have lots of valuable data then speak to those institutions who you know will point you in the right direction, for example, banks go to great lengths, for obvious reasons and whilst they may not tell you their secrets they will provide help or tell you where you can get it.

Another common theme and one which appears to be best practise amongst the larger companies is that you should not just take the cloud companies’ word for it that they have measures in place. Use the services of a third party auditor as a kind of insurance policy.

For more information you may also want to look at this too, from Wikipedia.