Tom’s Hardware featured an article last week which sought some general answers to the question of how to maximize security in the cloud. As more and more companies migrate their IT resources towards cloud-computing vendors such as Amazon Web Services, the issue of securing one’s data on somebody else’s machines has been rightly generating much attention.
The article delineated four main areas of focus when it comes to cloud security:
- Data Encryption – There are various ways to ensure that company data stored in the cloud is encrypted. SSL and VPN (virtual private network) connections are the standard offering from cloud providers, and they encrypt data while it is transported across network channels. The safest option, though, is to extend your internal security to cover the resources stored in the cloud. As the article notes, this can be done either by establishing a hybrid cloud that combines public and private resources or by using something like Amazon’s Virtual Private Cloud, which directs cloud-based application traffic through your internal security tools before it goes online.
- Fine-Grained Access Controls – The ability to restrict access to various resources located in the cloud based on user type is one of the least developed areas of cloud computing security. This feature is more a protection against accidental internal damage than against malicious attacks from outside one’s organization. Developers working on one project whose resources are located in the cloud should not necessarily have access to all of the company’s cloud files, where negligence or ignorance could cause inadvertent damage. This area is being developed rapidly, and these features will be in place for most serious cloud providers “in the near future”, according to Tom’s Hardware.
- Redundant Infrastructure – Just as access controls prevent accidental human error from disrupting your applications running in the cloud, a redundant infrastructure minimizes the risk from machine malfunction. Amazon offers its cloud users the option of spreading their data across various data centers in different physical locations. If hardware fails in one place, your data will be safe in another.
- Application Protection – The cloud can make computing more efficient by allowing many users to use an application through the web rather than having it installed on each of their computers. Nevertheless, the communication channels between users and applications in the cloud are a weak link in the cloud-computing security chain. Cloud providers are trying to bring to the cloud the same types of firewalls and other protective measures that are used to protect dedicated data centers, but this is still not a comprehensive offering.
In the past few years, cloud computing has seen tremendous growth as an effective alternative to maintaining expensive in-house IT resources. Once threats from external intrusion, internal mishaps, and hardware failure are dealt with in the cloud in the same ways as they are in dedicated data centers, cloud computing security will cease to be a cause for anxiety among IT executives and managers.