Are You Secure in the Cloud?
A recent article on PC World raises doubts about the cloud and security in public and private clouds. I think the author raises some good points that any company should consider before moving to a public cloud versus a private one.
The following are the five points made about public clouds and private clouds: Internal clouds are not inherently secure; companies lack security visibility and risk awareness; sensitive information needs safer storage; apps aren’t secure; and authentication and authorization must be more secure.
I believe these points are definitely valid. However, I also believe that these five points are the same concerns you should have about your LAN as well. Security is no different for your cloud servers, public or private, than for your internal servers.
Another article in PC World examines a handful of tech companies and their stories about using hybrid cloud computing, which is a mix of private and public clouds. It has more than fifteen references to a variety of cloud articles concerning security.
I found “Defining Cloud Security: Six Perspectives” to be the most interesting. Theory is nice, but the six perspectives it shows are from real-world examples of how you should secure your private cloud or approach public cloud security.
Where does this leave us? The Cloud Security Alliance (CSA) has been working on security guidelines for the cloud and on September 26, 2012, issued its guidance in identity and access management; the organization also released more information at the CSA Summit in London on October 8, 2012. The Cloud Security Alliance’s website lists the seventeen different research initiatives that are being worked on for cloud security. I think this is proof that we are headed in the right direction. However, we have to look at the flip side.
A betanews article looks at the ten issues that erode cloud confidence. The author points out these ten issues from a study by the CSA and the Information Systems Audit and Control Association (ISACA) this year. This link requires registration, but I think you will find the report interesting and very informative.
I think it would be foolish to not have security concerns about the cloud—whether it is public or private. The main thing to be cognizant of is that security ultimately lies in your hands—no matter where your data, application, or servers are. Simply relying on someone else for your own security is certainly a recipe for disaster.