How Cloud Computing Companies Make Their Data Centers Hacker-Proof

Cloud computing naysayers have long cited security and privacy as their number one concerns. While more and more companies are adopting cloud services, many corporations and small businesses are still hesitant to embrace the cloud because of concerns about lax security and hacker attacks.

Companies like Microsoft, Google, and Amazon claim to have extremely strong security and have never reported a major security breach. But smaller companies like Dropbox and Zappos have, but the breaches were typically due to internal programming bugs. The question is, should consumers believe that their data is safe with major cloud players? Can cloud computing giants really deliver on their security promises? The answer, in most cases, is a resounding yes.

The largest U.S. data centers are almost always certified by the federal government under programs like FISMA and SAS 70 Type II certification. Cloud companies that hold these designations have implemented physical and cyber security measures.

Data center security starts with physical security. Large data centers typically employ a sizable number of armed guards, as well as technological measures such as high-resolution video monitoring, motion tracking, and analytics software, biometric and/or electronic keycard locks, and extremely strict policies on who has access to servers and other sensitive equipment. Employees are also subject to background checks and screenings as thorough as possible for non-defense organizations.

Companies employ multiple methods to ensure data security. These typically include both data/disk encryption and “data obfuscation,” a process in which even unencrypted data is made illegible to humans and standard computer programs. Obfuscated data is only rendered in clear text or images once it is relayed from the server backend to proprietary frontend interfaces, such as Gmail, Hotmail, and QuickBooks Online. Companies also go to great lengths to ensure physical data security. Deleted data is destroyed using complex wiping algorithms and then overwritten by other real data. Discarded hard drives are physically destroyed, rendering data recovery impossible.

At the network level, cloud companies deploy both human analysts and highly complex algorithms to analyze network packet traffic and look for any anomalies. Suspicious packets are automatically dropped and IP addresses blocked if necessary. Most companies also employ complex security protocols that require any service contacting data center servers to possess a uniquely assigned internal identity. If a network query cannot identify itself as a legitimate request from an internal service, then the connection is terminated. Other network security measures include complex, multi-level routing to detect and block malicious activity, and advanced firewalls.

At the operating system and physical server level, companies typically develop their own flavours of Linux or UNIX which are unknown outside the company, almost impossible to target with malware and viruses due to both software security measures and their obscurity, and constantly updated. Servers are also only accessible by authorized employees with unique identification numbers, and all activity is logged and monitored by both automated software and human supervisors.

Overall, data center security is extremely sophisticated and constantly evolving, leaving virtually all hackers in the dust and making it all but impossible for internal employees to inappropriately access customer information. No contemporary computer system can be completely secure, but most businesses’ data is far less secure on their own servers and computers than it is in a federally certified data center.

By Robert Shaw

Robert

Robert Shaw was an early entrant into the cloud computing sector, working as a consultant for Accenture on server virtualization and software-as-a-service migration. He has also been a technical editor for eHow and other web properties and still provides local IT consulting services.

One Response to How Cloud Computing Companies Make Their Data Centers Hacker-Proof

  1. I agree that because of their scale and the fact it’s their core business, security of cloud providers will in most cases be best of class. However: Any data stored on US soil (cloud or not) can be pulled by the US government under the Patriot Act. This is unacceptable for a lot of companies, such as banks or other financial institutions. This would really favor Cloud providers that can indicate where data is (globally) stored outside of the US.

Comics

At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.

Popular

Top Viral Impact

5 Considerations You Need To Review Before Investing In Data Analytics

5 Considerations You Need To Review Before Investing In Data Analytics

Review Before Investing In Data Analytics Big data, when handled properly, can lead to big change. Companies in a wide variety of industries are partnering with data analytics companies to increase operational efficiency and make evidence-based business decisions. From Kraft Foods using business intelligence (BI) to cut customer satisfaction analysis time in half, to a…

Cloud Infographic – Cloud Computing And SMEs

Cloud Infographic – Cloud Computing And SMEs

Cloud Infographic – Cloud Computing And SMEs SMEs (Small/Medium Sized Enterprises) make up the bulk of businesses today. Most cloud based applications created today are geared toward the SME market. Accounting, Storage, Backup services are just a few of them. According to the European Commission, cloud based technology could help 80% of organisations reduce costs by…

2014 Future Of Cloud Computing Survey Results

2014 Future Of Cloud Computing Survey Results

Engine Yard Joins North Bridge Venture Partners, Gigaom Research and Industry Collaborators to Unveil 2014 Future of Cloud Computing Survey Results SAN FRANCISCO, CA–(Marketwired – Jun 25, 2014) – Engine Yard, the leading cloud application management platform, today announced its role as a collaborator in releasing the results of the fourth annual Future of Cloud Computing Survey,…

Technology Advice Report: 2014 Business Intelligence Buying Trends

Technology Advice Report: 2014 Business Intelligence Buying Trends

Technology Advice Report: 2014 Business Intelligence Buying Trends For nearly every business, the concept of business intelligence is nothing new. Ambitious organizations have been searching for any type of data-driven advantage for some time now – perhaps for as long as they’ve existed. However, the historical use of competitive intelligence pales in comparison to the…

Featured Sponsors

Sponsors

Is SaaS For You? Three Questions To Ask

Is SaaS For You? Three Questions To Ask

The idea of providing software to customers for a fee without the need for investments in IT infrastructure or staff has been around for decades. In the 1970s it was called Timesharing. Back then, companies utilized Timesharing services as their primary source of IT applications or as an extension of in-house IT applications, thereby avoiding…

Placement Opportunities - Find Out!

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter