Cloud Computing : Cloud Computing Security – “The Basic” – Part 15
Cloud Computing providers are aware that concerns around security and privacy are of major concern to both adopters of cloud computing, as well as those holding back.
They understand that without stringent security and privacy measures, this model cannot survive.
Without reliable security, their businesses will collapse.
So security and privacy are high priorities for all cloud computing entities.
Many people do not realize that many reputable cloud service providers rely on strict privacy policies, as well on sophisticated security measures, such as proven cryptographic methods to authenticate users.
As a result, many Cloud Computing vendors offer greater data security and confidentiality than companies that choose to store their data in house.
** Always remember also that organizations can do their part to enhance security **
For example, organizations have the choice of encrypting their data before it ever gets to a cloud service.
Before signing on a cloud service provider, organizations should take note on :
- Get more information about exception monitoring systems
- Be aware on updates and make sure that staff don’t suddenly gain access privileges they’re not supposed to.
- Ask where the data is kept and inquire the details of data protection laws
- Encrypt the data at the source
- Seek an independent security audit of the host
- Find out which third parties the company deals with and whether they are able to access your data
- Be careful to develop good policies around passwords; how they are created, protected, and changed.
- Look into availability guarantees and penalties.
- Option to include your own security policies
Risk-related issues associated with Cloud Computing
- Regulatory compliance: It requires that the infrastructure obeys the rules that are specified either by regulatory bodies or corporate rules. While more operational than technical, it is difficult to design and operate the cloud computing infrastructure according to such compliance requirements.
- User privileges: A user should keep this in mind that while assigning privileges to users, they must be given least privileges, because if the user has escalated privileges, they could access data and harm it.
- Data integration: Data-hosting companies can place more than one company’s data on a server as web-hosting companies place more than one company’s website on a server to earn the profit. Encryption should be used to protect the data in order to prevent this from being problematic. Remember that the data remains as safe as the data it is integrated with.