
Tuesday, March 8, 2011

Cloud Computing Security Considerations - Identify & Ameliorate The Issues

article by Seth Colaner - PC Today September 2010
Although cloud computing offers immense potential for businesses of virtually all types and sizes, there are a few issues that all companies must be aware of before working with a cloud provider. Security is the one that usually tops the list.

Concern over security is hardly unfounded; indeed, it’s a topic that computer users have to confront every day. However, in the context of cloud computing, the need for superb security multiplies several times over, as potentially every system company-wide must rely on a third-party service provider for security. Moving some or all of a company’s data or applications to the cloud requires a great deal of trust in the cloud provider.

Finding The Right Provider
According to Jon Oltsik, senior principal analyst with the Enterprise Strategy Group, the security issues most pressing to a given company depend on the type of cloud computing service it wants to adopt. However, there are a few items every company should look for. “They should assess the vendor’s data center security (for example, have they achieved SAS-70 certification?), their security defenses, the IT staff, skills, etc.,” Oltsik says. “Don’t settle for words in a spec sheet; do extremely deep due diligence or have a security professional do it for you.”

In other words, the key to security is finding the right gatekeeper, as most of the security issues inherent in cloud computing begin and end with the provider. For example, is the provider’s physical data center secure and relatively safe from natural disasters? Does it back up your data to multiple locations? Does the provider meet best practices and regulatory compliance? Is the provider prompt and thorough in keeping their equipment and software up-to-date? Geographically speaking, where is your data being housed—is it in another country and therefore governed by non-U.S. privacy laws?

Insecure technology, weak policies, and questionable practices of any kind on the part of the cloud provider lead to increased risk for you, the customer.

To oversimplify cloud computing, it’s essentially outsourcing some or all IT work to a third party. In other words, a cloud computing provider can take the place of much of your IT staff and equipment. IT personnel hold the keys to the kingdom in every company. More than anyone, including even the CEO, they have a complete picture of the company and can access and edit all of the company’s mission-critical or sensitive information.

Therefore, you need to be able to trust your provider as much as you would your own internal IT staff. If you were hiring an IT manager for your company, you wouldn’t just accept a firm handshake, a nice business card, and the casual referral of a friend before you hire a person. Instead, you would do a thorough background check, scrutinize references, and have multiple interviews before you were certain that this person was best for the job. Why would you do anything less before signing an SLA (Service Level Agreement) with a cloud provider?

Although the process for vetting cloud providers is still developing, there are a few ways you can check to make sure a provider is above board. You can ask to see a cloud provider’s SAS 70 and ISO 27001 security audits, which are measures that help ensure a given company meets security standards.

The Trusted Cloud Initiative, the product of an alliance between the CSA (Cloud Security Alliance) and Novell, will be a third-party, vendor-neutral standard for cloud security and compliance that’s designed to offer additional security certification requirements for cloud providers as well as educational tools. The Trusted Cloud Initiative is scheduled to be available by year’s end.

For Cloud Providers
Oltsik has a few suggestions for ways cloud providers can bolster their own reputation and help ensure secure operations. “Cloud providers should do background checks on all employees. Cloud providers must have strong authentication, separation of duties, and role-based access control. All customer data should be encrypted at all times.”

If your company is hunting for a good cloud provider, these practices are some of the ones you should look for before signing any contracts.

Sober Risk Assessment
Despite the (warranted) concern over security, it’s also important to maintain perspective. Your business’ sensitive data, such as trade secrets and employee information, must be kept secure at all costs. If you have applications hosted in the cloud, you must keep them patched and bug-free to guard against malicious exploits. But there are some instances where security isn’t quite as pressing of an issue.

One example Oltsik gives is simple storage of nonsensitive data. The benefit is that by outsourcing some storage, a company can potentially save a great deal of money on hardware costs without fretting that critical data is at risk.

In other words, the latter is a low-risk, short-term issue. However, as Oltsik is quick to point out, long-term security is a major issue and should be taken seriously. No business that leverages cloud computing can afford to turn a blind eye to security.
