January 20, 2011

Is the Cloud Secure? Yes Another Perspective

By Sourya Biswas

Is the Cloud Secure? Cloud computing has grown by leaps and bounds in recent years. Every day brings news of some acquisition, some investment, some innovation in this space. What started as a mere snowball has gradually acquired the proportions of an avalanche with all the big boys of the Information Technology putting in big […]

Is the Cloud Secure?

Cloud computing has grown by leaps and bounds in recent years. Every day brings news of some acquisition, some investment, some innovation in this space. What started as a mere snowball has gradually acquired the proportions of an avalanche with all the big boys of the Information Technology putting in big dollars in cloud computing.

From Microsoft to Google to late-entrant Oracle, everyone has their fingers in the cloud computing pie.  However, concerns still remain, chiefly regarding security. Several companies have put off moving to the cloud simply because of security concerns. Otherwise, cloud computing with its pay-per-use and get-when-you-demand model seems to be a win-win situation.

Security is a major bugbear today, and not only in the physical world. Enhanced security concerns may lead to stringent, and often unwelcome, TSA checks at airports, but it also affects the adoption of new technologies like cloud computing. Especially if that technology is based on the World Wide Web, where literally, anyone with a modem and Internet connection can log in. The recent Wiki Leaks controversy hasn’t helped matters as regards acceptability of cloud computing.

Many opponents of cloud computing say that the technology’s presence on the Web makes it open to attackers worldwide. What they fail to realize is that isolated data centers, as was the norm before the advent of cloud computing, aren’t immune to hackers either. In fact, the modular nature of cloud computing may actually limit damage due to such attacks over the Internet.

With isolated data centers, it’s the old “all eggs in one basket” scenario, and we all know how that ends if the basket falls. On the other hand, with cloud computing, you are actually placing your eggs in different baskets. Even if one or more of those baskets fall, you have others to fall back on. Therefore, it is clear that being on the Web is not necessarily a disadvantage for cloud computing.

Secure Cloud Data

Of course, if your isolated data center is isolated in the true sense of the word, that is, not connected to the World Wide Web, you are safe from online attacks. But are you truly safe? Think again. How about a disgruntled employee who slips in with a USB drive, downloads confidential information and then passes it along to your competitors? Remember, confidential diplomatic messages released by Wiki Leaks were not obtained from an unknown hacker, but a US Army soldier Bradley Manning who simply walked in and downloaded the data onto his music CDs.

Does this mean that company’s security fears about cloud computing are unfounded? Not really. But instead of suspecting the technology, perhaps they should be looking more closely at the providers. Here’s why.

In spite of all the literature of “being on the cloud,” cloud computing is based out of data centers, quite similar to the ones that support companies’ internal resources. Granted there are multiple data centers at work here, but at the end of the day, they are still data centers. And like all data centers, they are susceptible to security issue like data theft, natural disasters, etc. While the redundancy of multiple data centers does restrict problems due to natural disasters like fire, data theft cannot be ruled out. And this is where the trustworthiness of Service Providers comes in.

“Can I trust my cloud computing service provider?” – this is the question a company should be asking itself, rather than, “Can I trust cloud computing?” If the company feels that its own data centers are more adept at safeguarding data than its service provider, then its security concerns regarding cloud computing is justified.

This means that a company has to be very careful in choosing its cloud computing service provider. However, a vetting process is natural when selecting a vendor or provider of any service, and thus, cloud computing is no different. Granted, the vetting process may be more stringent than when choosing a beverage supplier, but essentially, the procedure is the same.

A service provider can remain in business as long as it can keep its reputation intact. Therefore, any provider which has been deficient in safeguarding its customers’ data will fall by the wayside by natural selection. Even a cloud computing pioneer like Amazon has faced flak for removing Wiki Leaks’ data from its servers citing breach of contract, as I had mentioned in an earlier article. Therefore, for a company it is important that the contract fine print is closely examined before it signs on the dotted line.

At the end of the day, while I would not go so far as to say cloud computing is completely secure, I believe that it’s secure enough for most companies. I am not playing with words here, but merely stating the fact that no IT system is completely secure, not even the internal data center with multiple firewalls, restricted access and housed in a fire-resistant, earthquake-proof building.

Of course, with the technology undergoing improvements by the day, waiting for a few months may not be wrong. At the same time that has to be weighed against possible benefits that the company will lose out on by moving to the cloud. In other words, cloud computing should not be considered untouchable simply because of security concerns, but all arguments weighed before a final decision is taken.

Remember, if you truly want a system that is 100% secure, perhaps you should look at getting a personal computer that remains at one place in your home, is not connected to the Internet, does not accept external media like floppies, disks and flash drives, and to which only you have the password. But then again, that wouldn’t help you, or your company, do much work, would it? Cloud computing is here to stay, and in all probability, is going to revolutionize how we do business.

By Sourya Biswas

Sourya Biswas

Principal Security Consultant at NCC Group

13+ years of experience in Client Engagement, Business Development, Project Management and Management Consulting in the Information Security & Risk Management and IT Strategy domains.

250+ articles on Cloud Computing, technical editor of a reputed textbook.

MBA (double major in Consulting & Business Leadership) on full scholarship from Notre Dame, Bachelor's engineering degree in Information Technology from a top 10 engineering institute in India.

Professional certifications include the CISSP, CISM, PMP, PSM and several ITIL Intermediates.

Exploring SaaS Directories: The Path to Optimal Software Selection

Exploring the Landscape of SaaS Directories SaaS directories are vital in today’s digital age, serving [...]
Read more

A.I. is Not All It’s Cracked Up to Be…At Least Not Yet!

Exploring AI’s Potential: The Gap Between Aspiration and Reality Recently Samsung releases its new Galaxy [...]
Read more
Steve Prentice

Get Smarter – The Era of Microlearning 

The Era of Microlearning Becoming employable and then staying employable requires ongoing, up to date [...]
Read more
Katrina Thompson

Why Zombie APIs are Such an Important Vulnerability

Zombie APIs APIs have a lifecycle, the same as anything else. They are born, they [...]
Read more

AI at the Gate: Navigating the Future of Cybersecurity with SonicWall’s Bobby Cornwell

Navigating the Future of Cybersecurity In the face of the digital age’s advancements, AI’s role [...]
Read more

5 Azure Cost Management Strategies

What Is Azure Cost Management? Azure cost management refers to the practices and processes that [...]
Read more

SPONSORS

Interviews and Thought Leadership

Michael Kleef

Akamai’s Michael Kleef Reveals Key Shifts in Cloud Computing Landscape

Welcome to a conversation with Michael Kleef, Vice President of Product Marketing, Developer Advocacy, and Competitive Intelligence at Akamai Technologies. Today, we’re privileged to have him share his insights with [...]
Read more
Jeff DeVerter

Charting the Course: An Interview with Rackspace’s Jeff DeVerter on AI and Cloud Innovation

Rackspace’s Jeff DeVerter on AI & Cloud Innovation In an insightful conversation with CloudTweaks, Jeff DeVerter, a seasoned IT and technology veteran with over 25 years of experience, sheds light [...]
Read more

Gartner Predicts Solid Growth for Information Security, Reaching $287 Billion by 2027

AI continues to become more weaponized, with nation-state attackers and cybercrime gangs experimenting with LLMs and gen AI-based attack tradecraft. [...]
Read more

Karen Buffo, CMO of MixMode, on the Rise of AI in Safeguarding Digital Assets

Welcome to our Q&A session with Karen Buffo, CMO of MixMode, hosted by CloudTweaks. Today, we’ll explore the profound impact [...]
Read more

The Future of Cybersecurity: Insights from Cyber Upgrade’s Founders

AI and Cybersecurity: Innovations and Challenges In the rapidly evolving landscape of technology, where artificial intelligence and cybersecurity shape the [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.