Introduction
Cloud computing is a technology in which data and applications are stored on storage networks and servers located in a remote place and accessed by users via the Internet. It is offered on an on-demand basis, where consumers pay a subscription fee for the service. The use of this technology increases efficiency because storage, memory and processing are centralized. It involves delivering hosted services through the Internet. Cloud computing would be useless without technologies like Web 2.0, Software-as-a-Service (SaaS), and Data-as-a-Service (DaaS). These technologies have made cloud computing a success (Cleveland, 2009).
Security in the cloud
Many chief information officers and IT executives give security as their number one area of concern when it comes to implementing cloud computing. This is especially true because with cloud computing, data is moved from on-site premises to a cloud. It is vital to know where the data is stored and who has access to it. When considering implementing cloud computing, one should look closely at which standards will be implemented for securing data in transit. It is worth noting that as enterprises move more and more to the cloud, the volume of sensitive data flowing between the two points increases. Cloud computing providers should be able to assure consumers that the transit of this sensitive data is secure and free from interception.
Another challenge that comes up is integrity. It is difficult to verify the integrity of data that is located in the cloud. How are we assured that the data that has been stored in the cloud is safe? These are the questions that should be asked when implementing the cloud.
There is also the challenge of the reliability of the data that is stored in the cloud. There are times when the cloud is not reliable. A private cloud will be problematic to the company if it goes down and there is no technical staff to work on it. What is more, with the IT department being less involved, an outage will be problematic to the business and may even lead to loss of revenue just because the system is down.
Cloud computing vendors may not meet the quality that is required for good performance. There are standards that have been set for proper storage of data in any environment. Because cloud computing vendors are not regulated, this leaves many security holes which could be detrimental to the security and integrity of the data in the cloud.
It is proving to be a difficult task to administer security and manage a virtualized corporate information technology environment. The management of security in the cloud may be thwarted by the legal complications that come with it. There are no tools available for the user to monitor the security level and manage cloud computing vendors and their products.
Accountability
The person who will be accountable for the security of the company's sensitive data is the technical officer of the cloud provider. This person will be assisted by the technical personnel of our organization. The two groups will agree on the extent of data access for both groups. The cloud provider will be accountable for any breaches in security or any data loss, and will take on the liability for these losses. This will have to be in written form.
Security provisions
The first issue to be considered when deploying cloud computing is the privileges given to users in order to access their data. Data stored outside the premises of an enterprise brings with it the issue of security. How safe is the data? Who else accesses the data? Data which has been outsourced bypasses the controls of the enterprise's personnel. The client should get as much information as possible about how the data is stored and how the integrity of this data is catered for. The providers should be asked for specific information about their hiring of privileged administrators who will manage the data.
The second issue to be considered is regulatory compliance. Consumers are responsible for the security and integrity of their own data even when this data is held and stored by other providers (Callow, 2008). Traditional service providers are subjected to external audits by auditors who will normally check on the security policy of that enterprise. Cloud computing providers should agree to undergo these external audits, and this should be agreed upon in written form.
The other security policy to be considered is about the location of the cloud. In most cases, consumers do not know where the cloud is located and do not even know which country it is in. What they care about is that their data is being stored somewhere. The providers should indicate, in written form, their jurisdiction and should agree to obey local security policies on behalf of the consumers.
Another issue is that consumers should be aware of the security breaches that providers have experienced. Providers have always claimed that security is at its tightest in the cloud, but this claim alone is not enough to dismiss security issues. An example is Google, which was attacked in 2007. Its Gmail service was attacked and the company had to make apologies. As the data in the cloud becomes richer, so should security become tighter.
Questions to ask
1. What are the measures your company is taking to ensure that their data is secure in the cloud?
2. How often and to what extent do I have access to my data on an administrative level?
3. What happens in times of disaster? What is the RTO/RPO that the company has?
4. What are the disaster strategies that the company has in case there is a failure of the system?
5. How is the performance of the data in your cloud service? How often do you experience downtime?
6. What contributions am I allowed to make regarding the services that are being provided?
References
Allen, J. (2003). The ultimate guide to system security. Boston: Madison-Wesley.
Anderson, R. (2010). Security engineering: A guide to building dependable distributed systems. London: John Wiley and Sons.
Benantar, M. (2006). Access control systems: Security, identity management and trust models. New York: Springer.
Callow, B. (2008). Extending enterprise security beyond the cloud. IEEE Computer Journal, 12 (2), 54.
Gritzalis, S. (2009). New attack paradigms. IEEE Computer Journal, 10 (2), 72.
Jha, S., Merzky, A., & Fox, G. (2008). Cloud computing and grid abstraction. Retrieved November 23, 2011, from Open Grid Forum: http://ogf.org/OGF_Special_Issue/cloud-grid-saga.pdf
McEvoy, G., & Schulze, B. (2008). Using clouds to address grid limitations. Workshop on Middleware for Grid Computing (p. 662). New York: ACM Digital.
Micro, T. (2007). Cloud computing security. Network World, 72 (2), 674.
Miller, M. (2008). Cloud computing: Web-based applications that change the way you work and collaborate online. New Jersey: Que.