Skip to main content

Cloud Computing Security Concerns

5th Oct 2016

Cloud Computing Security Concerns

A closer look at the most pressing security concerns in the world of cloud computing, as well as what service providers need to be offering users

Security is (arguably) the predominant reason most people harbor apprehensions about cloud computing. The bad publicity that cloud computing has suffered has in some ways, (at worst) set its development back a number of years and (at best) caused a great deal of individuals to think twice about cloud computing. While cloud computing security concerns are certainly not unfounded, they have been blown out of proportion. The truth is that any computer network whether it be cloud or grid-based could be at risk (in terms of security) given that certain protective measures aren't put into place and established guidelines aren't followed. However, security for cloud computing is implemented and managed in ways that may be unfamiliar (even to those that have handled network security before), this also causes people to develop apprehensions.

Unfortunately, there are many ways that an intruder or miscreant can undermine cloud network security. However, with emerging technologies coming online that are designed to essentially monitor all traffic and data exchanges occurring within a cloud, it's soon going to get a lot harder for people to compromise security standards. This leads us to the obvious question, what are the principal security concerns in the world of cloud computing right now?

 

  • Investigating purported breaches of security and illegal activity - Currently, it is somewhat challenging (or impossible in some cases) to investigate security breaches or other illegal activities. However, that doesn't mean that companies shouldn't be able to sign a contract stating that they will go above and beyond in assisting any third parties should the need for further investigations be needed. This contract should also extend to include data collection as well as admission of said data as evidence in a court of law.
  • Enduring logistical / business presence - What happens to your data and service(s) if your cloud services provider suddenly goes out of business? Will you be able to replicate your current system? Can you obtain copies of your data if they go out of business or merge with another group? These questions are extremely relevant to the health of your business and are worth exploring further. It is also of equal importance that a cloud provider is able to remain on the cutting edge of technology with regards to cloud computing; failure to remain competitive in this way may affect the bottom line of your business.
  • Segregating data - It is fairly typical for providers to segregate data all over a cloud, though you data is encrypted it is still mixed in with the data of everyone else on that particular cloud network. There are two concerns that should be addressed regarding segregated data encryption:
    1. Study information regarding how a provider segregates their data; if there is an actual method behind it (as the level of encryption).
    2. Find out who designed the encryption system as well as who was responsible for testing it and what their actual level of expertise is.
  • User access - Unquestionably, the single biggest area of cloud security that gets the most attention is user access. If a business is using the services of a cloud computing provider they have to know who has potential access to their resources. It is also extremely important that a user is able to trust their provider(s); vendors must be able to tell their customers who is in charge of maintenance and administration over their data. If a service provider cannot 'name names' regarding who actually manages their data, you should look elsewhere.
  • Compliance with regulations and guidelines - It should go without saying that those service providers that are unable to meet with compliance and regulations regarding security and operation of a cloud infrastructure should not get your business. This is also important for legal reasons; for example, if your data is stored in a remote location or foreign country and your data security is breached, your provider may be able to circumvent the law based on the location of the hardware/data at the time of the incident. Make sure that your service provider is willing to sign a contract regarding privacy requirements and/or regulatory compliance(s).
  • Emergency / Recovery / Contingency plans - Disaster don't occur very often, but it's still imperative that you find out what will be done in the event of one, especially if it concerns the livelihood of your business. The only viable solution for disaster recovery and security is a service provider that actively copies data on a daily basis and stores it in another location on a separate system. In fact, many leading cloud providers create copies of data and spread them out across multiple networks, ensuring the absolute highest level of recover-ability available (even beyond what is capable with grid computing).

While security is still a touchy subject in cloud computing, the truth is that it is being dealt with. In fact, security probably gets the most attention from cloud developers apart from their obsession with operating systems. Every major (and minor) security concern will eventually be addressed and dealt with, in the mean time there are automated bots that crawl over the clouds, monitoring and recording information regarding user access for further analysis. All in all, cloud computing (in its current form) is still a viable and valuable commodity, despite its shortcomings in the security arena.

+++ Would you like to learn more about Cloud Computing and how to manage your IT Service through Cloud technology? Sign up for our Cloud Computing Foundation Program. Now also available for iPad and iPhone.

!