The Cloud Security Conundrum
Security is always an issue whenever sensitive data is involved no matter what era it is; this was true during the time of the Greeks and it is true now. The problem, however, is compounded by an ever increasing complexity of technology and the sheer number of hands that have access or may gain access to that data in one way or another. There is a big piece of mind that a large metal box with equally large locks affords when it comes to security; the internet is the opposite. With millions of people having access to the internet and by extension potential have access to all your data, a few of them will bound to have some interest in that data and may possibly have the skills and means to acquire them.
This is the fundamental fear that CISO’s (Chief Information and Security Officer) and system administrators possess towards cloud computing, the public kind. A private cloud can be very secure because outside access can be limited or entirely removed, but that would really not be considered cloud computing in essence even if the same technology is used, it would simply be a private network where benefits like scalability and affordability remain untapped.
They often think that the cloud is inherently insecure. The opposite is actually true. Service providers have a vested interest in keeping their services very secure and even before launching the service they would make sure that their core competency is security. Unlike private clouds where there might be one or two security experts, cloud service providers employ multiple security experts so that they would have a couple of pairs of eyes on the watch 24/7.
There is also a belief that since the cloud is relatively new, therefore it is not yet secure. But this is not true, in fact much of the current security holes and vulnerabilities of the cloud infrastructure exist in traditional network infrastructure because most technology and protocols used are the same. Cloud computing is even more secure because of virtualization. It would be possible to hack into a server, but when there is virtualization and a single hardware is emulating multiple servers via software, it becomes almost impossible to be able to break in environments that exist only in the RAM. The virtual environment can provide more security so investment should be in this regards.
But recent surveys done by various organizations are reporting that not only are companies experiencing increased productivity and large cost savings in their cloud computing solutions, they are also getting the added benefit of increased security. This is a good start in dispelling some of these fears, rather myths, that surround cloud computing. When all apprehension is gone, maybe the real evolution can begin.
By Abdul Salam