Cloud security: What works and what doesn’t work in cloud

January 14, 2013 Off By David

Contributed Article. Author: Charles Smith.

The growing rate of adoption of cloud based technology has also given rise to a growing concern about deficient security policies in its utilization. Many companies allow their employees to access data and files from their office cloud but have no definite or distinct cloud security policies. There is a nagging dearth of written down best practices for cloud utilization. The concerns are arising at multiple levels such as –

•    Compliance with government regulations
•    Exit strategies
•    Lock in periods
•    International data privacy
•    Credibility and consistency of suppliers
•    Service assurance and testing
•    Integration between cloud and existing systems

As the adoption rate for cloud is increasing the gap between cloud implementation and security issues is becoming wider as well. Some of the above security concerns are directly related to decision making regarding cloud adoption, which is further regulated by financial considerations, innovation in cloud, usage of cloud in achieving business goals, confidence in cloud market, and more.

In most occasions there are scopes for improvements in making your business activities more sensitive towards cloud security. Decision needs to be taken regarding the amount of risk the user is ready to take in making his data available over public cloud.

Cloud computing is still far from reaching maturity with only certain forms of as-a-service facilities being available in the market and these too need to travel a long way before earning cent percent confidence of its users. Meanwhile, some security issues can be avoided by adopting the following steps:

Using right applications: You can ensure data security for mission-critical projects by avoiding the use of all the applications available on public cloud. You need to critically analyze the applications available on cloud and their usefulness towards your project. By being discreet you can ensure that some data remain off the public cloud domain.

Evaluate security: Do not put blind faith on the words of the cloud computing consulting firm regarding data security. This is because security levels vary widely between providers offering different forms of as-a-service facilities. To protect your data from security infringement you may review security policies of the provider at regular intervals, analyze vulnerability and add extra layers of security measures whenever needed. Follow the data security guidelines offered by government agencies or statuesque institutes.

Create awareness: Educate your users on security issues while using cloud based services. It is also essential that you exercise certain control over your data on cloud and make sure there are visible security alerts in place that will inform you whenever there are signs of malice i.e. files being modified or data getting changed at unusual frequencies. Encrypting data on cloud is another way to protect your data from malicious practices.

Safer storage: A way to improve data security in cloud is by adopting hybrid cloud set-up where project sensitive data can be stored in the secured private cloud environment of the organization. You can further improve safety by avoiding storing encrypted data and encryption keys at the same cloud.

Third-party auditing: Auditing security measures over a period of time using third-party auditing service will reveal the security weak points of the service provider. Third-party auditing will reveal if there are compliance, consistency, or standard issues with cloud computing provider’s services.

###

CategoryNews

9 Questions to Ask Before Signing a Cloud Computing Contract

Public Still Hazy on Cloud Computing, Survey Finds