SECURITY IN THE CLOUD
This Post has Comments Off on SECURITY IN THE CLOUD
Cloud computing isn’t necessarily heaven-sent. Although it can offer significant benefits and savings, there are significant drawbacks that could bring, well, let’s just say “a lot of heat” into your life. Whether public or private, cloud computing introduces a new level of security and operational concerns compared to traditional business computing. Business continuity, performance, migration and administration complexity are issues to be carefully addressed. Performance problems are a primary limitation of cloud computing. Many cloud providers assert that they manage their systems within the cloud so that performance for the end user will not be impeded.
In reality, however, delays in the Internet adversely affect performance of applications at the desktop. Delays may result from things beyond your control such as fluctuations in bandwidth utilization, interference, switching or other factors along the communication path between your computer and the server running the application. What is your threshold for downtime due to security or other incidents? What will the impact be on your business if the hosting provider is down and you have no access to those systems or data? Automatic scaling to meet the demand, while a benefit to a growing business can also lead to surprises on your bill. A hacker can run up his victims’ hosting bills by deploying a simple “denial of service” attack, which consumes the server’s processing capability. Since you pay for your usage, your costs can spike wildly out of control during such an attack. Security in the could has unique aspects relating to data integrity, recovery & privacy. Some of the chief concerns are listed below.
Cloud Security Concerns:
- You do not have control over the people and security processes in a cloud hosting site. You may or may not get reliable information about specific security controls and accesses.
- You are responsible for the security and integrity of your data regardless of where it is stored. Regulatory compliance requirements may or may not be met by the hosting company.
- Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn’t a cure-all and encryption accidents can make data totally unusable.
- Can the cloud provider quickly do a complete restoration in the event of a disaster? What is the time frame? What is the data loss threshold?
- Because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers, investigating inappropriate or illegal activity may be impossible.
- Make sure your cloud provider can deliver your data back in a format that can be imported into another application if necessary.