One of the biggest game-changing innovations of this decade is cloud computing. The move away from purely on-premises applications and data storage is already underway, with consumers, small and medium-sized businesses, and even large enterprises putting applications and data in the cloud. However, the ever-present question is whether it is safe to do so. Cloud computing security is by far the biggest concern among those considering the technology. And if you’re an IT admin, it’s good to be paranoid. Losses from cybercrime and attacks can be enormous, and CSI’s 2008 Cybercrime and Security Survey shows an overall average annual loss of just under $300,000.
It may seem like a leap of faith to put your valuable data and applications in the cloud and entrust your cloud computing security to a third party. However, faith is not part of the equation, nor should it be. Every business needs to know that its data and applications are secure, and the issue of cloud computing security must be addressed.
In fact, the cloud has several security advantages. According to NIST, these cloud computing security advantages include:
o Moving public data to an external cloud reduces the exposure of sensitive internal data
o Cloud homogeneity simplifies security audits/tests
o Clouds enable automated security management
o Redundancy / Disaster Recovery
All four points are well taken. Cloud providers naturally tend to include rigorous cloud computing security as part of their business models, often more than an individual user would. In this sense, it’s not just about cloud computing providers implementing better security, the point is rather that they implement precautions that individual companies should, but often don’t.
A common security model
Most application providers enforce some level of security with their applications, although when cloud application providers implement their own proprietary approaches to cloud computing security, concerns about international privacy laws, the data exposure to foreign entities, authentication approaches, and role-based access. and leaks in multi-tenant architectures. These security issues have slowed the adoption of cloud computing technology, but it doesn’t have to be a problem.
The very nature of a cloud platform is that it enforces an instance of common software elements that developers can use to “bolt together” their applications without having to write them from scratch. This advantage is especially useful in the field of security. Cloud “Platform as a Service” provides an elegant solution to the security problem by implementing a standard security model to manage user authentication and authorization, role-based access, secure storage, multi-tenancy, and privacy policies. Consequently, any SaaS application running on the common platform would immediately benefit from the platform’s standardized and robust security model.
Superior physical security through cloud computing provider
Lack of physical security is the cause of a huge amount of loss, and insider attacks account for a surprisingly large percentage of loss. And while the specter of black hats hacking into your network from a third world country is very real, very often, the “black hat” is actually a trusted employee. He’s the guy from the accounting department you have lunch with. She is the lady who brings you your coffee in the morning and she always remembers that you like two sugars. He’s the recent college graduate with so much potential, he did a great job on the last report.
Of course, hackers can attack your network and data no matter where it is, given enough incentives and information, but the physical proximity of the actual hardware and data makes it much easier to gain access, and data centers in the cloud tend to have better internal physical conditions. security protocols, including locked rooms, regulated access, and other protections against physical theft and tampering.
Conclusion: superior security through the cloud
In addition to physical security, technical security is of paramount importance. Hosting your own servers and applications requires additional measures. A larger organization may need to deploy dedicated IT staff just for security. Cloud computing, on the other hand, builds cloud computing security directly into the cloud platform. While the company must still maintain internal security in any case, the provider ensures that applications and data are safe from attack.
We tend to think that keeping control over everything is inherently more secure, when this is not the case. Smaller companies, especially, may lack in-house trained security personnel, and even larger companies often simply don’t have the resources to dedicate to implementing rigorous security on an ongoing basis. On the other hand, a cloud computing provider, which offers a detailed service level agreement and retains internally trained security personnel, will often provide superior security compared to the in-house alternative.