Since the cloud is becoming one of the principal areas of development for businesses, many companies are offering the chance to access file remotely from various locations. A lot has already been said about the potential benefits of the cloud and the role it can play in future development but what many companies are starting to ask is: how secure is my data? In this article, I hope to give you more information to help you answer that question.
Security is probably the main area of concern for those interested in the cloud. This is a new worry for development businesses since a system housed within the confines of a business allows for a certain level of control. When that control is transferred to other parties, it can make it difficult to adjust. In order to address these security concerns, numerous efforts have been made to ensure that cloud providers are as secure as possible. There are many protective measures in place to protect your data and companies that are considering cloud software should make themselves familiar with these processes.
As with all things of this nature, cloud providers comply with certain regulations which are enforced by leading bodies. The Cloud Security Alliance (CSA) was formed with the aim of promoting the use of best practices for providing security assurance within cloud computing. The CSA has started to address the various challenges to wider adoption of cloud by enterprises.
By far the most widely acknowledged initiative has been the Security Guidance for Critical Areas of Focus in Cloud Computing. The guidance document is aimed at “helping organizations around the world make informed decisions regarding if, when, and how they will adopt Cloud Computing services and technologies.” It covers a spectrum of topics ranging from Architectural Framework and Governance and Enterprise Risk Management to Data Center Operations, Encryption and Key Management and Virtualization. An accompanying document, Top Threats to Cloud Computing, aims to identify the top threats that vendors and consumers of cloud services are facing.
The Trusted Cloud Initiative is aimed at helping cloud providers develop industry-recommended, secure and interoperable identity, access and compliance management practices while the Cloud Controls Matrix hopes to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.
Always check that the provider you are considering abides by these by checking the information on their website.
Whilst the cloud can be remotely accessed your data and files must be physically stored at a data center. Always investigate where this is and what security it has in place. Most providers will offer multiple back-up locations all of which are controlled by extensive safety measures.
Since there are numerous ways cloud providers could protect your data, the actual implementation varies from service to service. All consumer cloud services are what we in the cloud world call public and are built for multi-tenancy. A public cloud service is one that anyone on the Internet can access and use. Think of iCloud or Dropbox. To support this, the cloud providers need to segregate and isolate customers from each other. Segregation means your data is stored in your own little virtual area of the service, and isolation means that the services use security techniques to keep people from seeing each other’s stuff.
Practically speaking, multi-tenancy means your data is co-mingled with everyone else’s on the back end. For example, with a calendar service your events exist in the same database as all the other users’ events, and the calendar’s code makes sure your appointment never pops up on someone else’s screen. File storage services do the same thing: intermingling everyone’s files and then keeping track of who owns what in the service’s database. Some, like Dropbox, will even store only a single version of a given file and merely point at it from different owners. Thus multiple users who happen to have the same file are technically sharing that single instance; this approach also helps reduce the storage needed for multiple versions of a file for a single user.
Although multi-tenancy means co-mingling data, the cloud provider uses segregation techniques so you see only your own data when you use the service, and isolation to make sure you can’t maliciously go after someone else’s data when you’re using the system. However, you are relying on the cloud provider to keep this isolation system in place. This also means that that data is probably available for support personal and internal development staff to poke around in, so it may not be the best option for secure or sensitive information.
As mentioned, you don’t want any unauthorized personnel gaining access to your files. This includes employees of your cloud provider so always investigate the security procedures they have in place when it comes to data access. Remember that laws such as the Data Protection Act apply to all businesses so ensure the service you select abides by these practices at all times.
Overall, despite its relatively new introduction, the cloud is fairly secure. There are plenty of opportunities for businesses within this modern development and thanks to the work of those responsible for its development, security is fairly high. In fact, 85 per cent of IT professionals are confident that cloud providers offer a safe environment for users.
Help us spread the word!
If you liked this article, consider enrolling in one of these related courses:
|Nov 18||Cloud Computing Introduction|
|- Classroom - Online|