Cloud Computing Security Challenges
Cloud computing opens up a new world of opportunities for businesses, but mixed in with these opportunities are numerous security challenges that need to be considered and addressed prior to committing to a cloud computing strategy. Cloud computing security challenges fall into three broad categories:
Data Protection: Securing your data both at rest and in transit
User Authentication: Limiting access to data and monitoring who accesses the data
Disaster and Data Breach: Contingency Planning
Implementing a cloud computing strategy means placing critical data in the hands of a third party, so ensuring the data remains secure both at rest (data residing on storage media) as well as when in transit is of paramount importance. Data needs to be encrypted at all times, with clearly defined roles when it comes to who will be managing the encryption keys. In most cases, the only way to truly ensure confidentiality of encrypted data that resides on a cloud provider's storage servers is for the client to own and manage the data encryption keys.
Data resting in the cloud needs to be accessible only by those authorized to do so, making it critical to both restrict and monitor who will be accessing the company's data through the cloud. In order to ensure the integrity of user authentication, companies need to be able to view data access logs and audit trails to verify that only authorized users are accessing the data. These access logs and audit trails additionally need to be secured and maintained for as long as the company needs or legal purposes require. As with all cloud computing security challenges, it's the responsibility of the customer to ensure that the cloud provider has taken all necessary security measures to protect the customer's data and the access to that data.
With the cloud serving as a single centralized repository for a company's mission-critical data, the risks of having that data compromised due to a data breach or temporarily made unavailable due to a natural disaster are real concerns. Much of the liability for the disruption of data in a cloud ultimately rests with the company whose mission-critical operations depend on that data, although liability can and should be negotiated in a contract with the services provider prior to commitment. A comprehensive security assessment from a neutral third-party is strongly recommended as well.
Companies need to know how their data is being secured and what measures the service provider will be taking to ensure the integrity and availability of that data should the unexpected occur. Additionally, companies should also have contingency plans in place in the event their cloud provider fails or goes bankrupt. Can the data be easily retrieved and migrated to a new service provider or to a non-cloud strategy if this happens? And what happens to the data and the ability to access that data if the provider gets acquired by another company?
Cloud Computing Security Summary
While there are real benefits to using cloud computing, including some key security advantages, there are just as many if not more security challenges that prevent customers from committing to a cloud computing strategy. Ensuring that your data is securely protected both at rest and in transit, restricting and monitoring access to that data via user authentication and access logging, and adequately planning for the very real possibilities of compromised or inaccessible data due to data breaches or natural disasters are all key security challenges that a company must address when considering cloud computing providers.
Congratulations! You now have a better understanding of the security challenges involved in cloud computing!
Although it is almost impossible to keep up with the pace of ongoing product releases, here are three recent highlights in the flash data storage... Read More »15 Important Big Data Facts for IT Professionals
Keeping track of big data trends, research and statistics gives IT professionals a solid foundation to plan big data projects. Here are 15... Read More »Enterprise Storage Vendors
There's a number of vendors that sell enterprise storage hardware or offer cloud-based enterprise storage. View Webopedia's Enterprise storage... Read More »
- Check out eWeek's new Research Center, a central and comprehensive library of whitepapers, eBooks, eseminars, webcasts, and more from top industry brands and independent tech journalists »
- Watch Datamation's editor James Maguire moderate roundtable discussions with tech experts from companies such as Accenture, Dell, Blue Jeans Network, Microsoft and more »
If hackers get their hands on your company's data, they can wreak havoc on customer relationships and cause tremendous damage to your brand and... Read More »Windows XP: Move Along, There's Nothing to See Here
After more than 12 years of holding the title of most popular operating system in the world, Windows XP is taking center stage for its final... Read More »Report: The Role of Big Data in the Marketing Industry
According to a new study from Infogroup Targeting Solutions, we can expect to see companies spend heavily on big data marketing initiatives in... Read More »