Fundamental Elements Of Cloud Computing Security

Fundamental Elements Of Cloud Computing Security

Cloud security or cloud computing security evolved from information security and includes a wide set of controls, technologies, and policies used to protect the associated infrastructure, applications, and data of cloud computing. It is not related to the cloud-based security software services or commonly referred to as security-as-a-service.

Security issues related to cloud computing can either be security issues experienced by end users or security issues experienced by cloud suppliers. In general, cloud providers must make sure that what they’re offering is secure and their customers’ applications and data are also protected. The client, on the other hand, must ensure that the cloud supplier has the appropriate security implemented in order to protect his data and applications. Because of virtualization, customers of public clouds have growing concerns regarding the clouds security primarily because virtualization has changed the relationship between the hardware and the operating system. Additional concern about the virtualization software, with a tendency to be compromised, makes users wary about the capability of cloud computing to be secured.

In general, cloud computing security fall into three general categories: Contractual or Legal Issues, Compliance, and Privacy and Security. For the contractual and legal issues, end users and cloud vendors have to negotiate about liability, end-of-service, and intellectual property. They must agree about the degree of liability of each party when data has been compromised or lost. They must also agree on how the applications and data can be returned to the client when the contract isn’t renewed. Cloud providers must also take into consideration how the records are kept because there certain statutes which require electronic records to be kept in a certain way. Public institutions which are utilizing the cloud and storage must consider the laws regarding record keeping.

With regards to data and storage to the cloud, there are various rules and regulations which must be adhered to such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and the Payment Card Industry Data Security Standard. Cloud computing vendors must be able to provide their users to adhere to such rules and regulations easily. There must also be data recovery and business continuity plans so that service can be maintained in case of emergency and/or disaster. Whatever data is lost must have an assurance that it can be recovered. The clients must be able to review such plans so that they’ll have an assurance that their information is safe with the cloud providers. Cloud computing providers must be able to provide audit trails and logs and such items must be maintained, secured properly, and accessible in case a forensic investigation takes place. The cloud data centers must be maintain in such as a way that they adhere to compliance requirements.

In terms of privacy and security, every user must have his identity management system in order to access computing and information resources. The cloud providers must be able to provide such system to their users. Aside from securing access of data through the internet, the cloud providers must be able to assure their users that the physical servers are all secured and that access to such servers and even user data are all documented. They must also ensure that users can easily access their applications and data when and where they need them. In the production environment, cloud suppliers must be able to secure applications by implementing procedures not only for packaged or outsourced application but also an application security must be implemented.

Lastly, cloud vendors must be able to secure every critical data like credit card numbers by masking and restricting access to such data. Credentials and digital identities must be secured just like any data which cloud providers produce or collect from their users cloud activities.

By Florence G. de Borja

Sorry, comments are closed for this post.

Comics
Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

Four Trends Driving Demand For Data Security In 2017

Four Trends Driving Demand For Data Security In 2017

Data Security Trends 2017 will be a hallmark year for security in the enterprise as all industries have reached a tipping point with respect to cloud and mobile adoption, forcing more and more data beyond the corporate firewall. Over 100 IT executives weighed in on their plans for 2017 in our latest survey; buried among…

The Future Of Cloud Storage And Sharing…

The Future Of Cloud Storage And Sharing…

Box.net, Amazon Cloud Drive The online (or cloud) storage business has always been a really interesting industry. When we started Box in 2005, it was a somewhat untouchable category of technology, perceived to be a commodity service with low margins and little consumer willingness to pay. All three of these factors remain today, but with…

The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance  With technology at the heart of businesses today, IT systems and data are being targeted by criminals, competitors and even foreign governments. Every day, we hear about how another retailer, bank or Internet company has been hacked and private information of customers or employees stolen. Governments and oversight organizations are responding to…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

Technology Influencer in Chief: 5 Steps to Success for Today’s CMOs

Technology Influencer in Chief: 5 Steps to Success for Today’s CMOs

Success for Today’s CMOs Being a CMO is an exhilarating experience – it’s a lot like running a triathlon and then following it with a base jump. Not only do you play an active role in building a company and brand, but the decisions you make have direct impact on the company’s business outcomes for…