Cloud Computing has generated a lot of buzz in the IT (Information Technology) industry. The advantages of this new type of computing seem to outweigh the bad. But the truth is, this type of networking strategy means that security plays a very crucial role, especially for the clouds. Sensitive data and information from clients are stored in their servers and although data redundancy and archiving is implied, the fact remains that the clouds are becoming a very attractive target for malicious attack from hackers and virus authors. The very idea of mining the cloud for critical information whets the hacker’s curiosity.
In order for cloud computing to move forward in its evolution, security should be at the forefront of the battle. Vendors should prioritize the building up of defenses against hackers, viruses, malware, etc. The infrastructure should be thoroughly checked and tested to guarantee against attacks. Customers should be wary of vendors who lack the capacity to provide security as their data could contain extremely sensitive information that may hurt their businesses or interests.
The analysts at Gartner, an IT research firm, advise customers to check with the vendor about these issues in security before they decide which cloud is suited for their needs.
1. Log Management. When data is stored outside the company’s physical location, there are inherent risks involved like remote unauthorized access. The customer should have the right to know the network administrators, the people who have control over their data.
The vendors would also need to meet the requirements of end users which sometimes delegate only a certain part of data to certain people in the organization. High-level executives, for example, are authorized to access more sensitive information than say, a low-level rank and file employee.
Also in channel management, companies should look at their channel partner profile and determine the data they should have access to.
2. Data Recovery and Investigation. In the event the main server of the cloud crashes, the vendor guarantee of data recovery should be clearly stipulated in the agreement. It is industry standard to provide backups and redundancy measures to ensure that data is not lost when the main server crashes.
The solution provider is obligated to investigate such an incident to ensure it does not happen again. Customers need to feel that their cloud providers are reliable and can handle emergencies like virus or hacker attacks or even environmental conditions where servers are affected.
3. Physical Location of Data. Chances are most internet users don’t even know which country their emails are actually stored. Redundant servers are often in another location to protect the archive. It would be wise to know where data actually is stored and making sure there are laws to protect the contents of these cloud servers.
4. Compliance to industry standards. Since cloud computing is relatively new, there are no specific laws covering this technology. The industry however took the initiative and set standards and gives certifications to solution providers in order to protect the customers and promote well-developed solutions.
5. Data Segregation. Cloud providers serve not just one but several clients at a time. Customers should ask the vendor how they prevent other clients from accessing their data. In channel management, for example, the partners should have individual access according to their channel partner profile.
Google had a recent incident with Google Docs when it inadvertently shared users’ documents without permission from the author. Errors like these are disastrous when sensitive data is involved.