Tips To Lessen Cloud Security Fears
Simply because cloud computing is relatively new, it is still plagued with unfounded fears and doubts, the most prevalent of which is that of security. The truth is that it is just as safe as traditional networking technology, and sadly carries most of its vulnerabilities as well. But this just proves that it can be trusted in terms of security just as much as any technology we are using now. Granting, cloud computing is for the most part, just a new way of applying current technology.
To foster its adaption, we the proponents of cloud computing should try and convince the rest of the industry of its merits and dispel all the myths surrounding it. Let us start with the most prevalent hindrance to its adaption, security. So here are some tips in order to heighten our sense of security for cloud computing in general.
Choose wisely which applications are placed on the public cloud. The public cloud is the most convenient place for running our applications and placing our data because generally we are “hands off” when it comes to the maintenance, security, and general integrity of the aforementioned items. These are all taken care of by the service provider. But this in itself is kind of a security risk, having multiple individuals from a third party have access to your applications and data. We could never be sure about those persons because we would have no hand in hiring them and no idea of their backgrounds. So the best way for companies to do is plan ahead which mission critical applications and data go into the public cloud and which ones should be retained internally or invested into a more secure and hands on private cloud. Simpler things like websites, testing applications, product catalogs and specifications would probably be safe with the default cloud security being provided. Applications and data which are more sensitive or classified should be kept close at hand.
Evaluate the required layers of security. We are a paranoid bunch of creatures and often feel safer when there are layers upon layers of something to protect us. For example two locks make you feel safer than just one, a belt ensures you that your pants will not fall even if they already are a perfect fit, and we of course would feel safer in a tank rather than in a glass house when guns are involved.
This goes the same for our sensitive data. Always make sure that there are other security measures in place just in case one of them happens to fail, but you must also make certain that this kind of data or application also requires extra security and, hence justifying the extra cost. Authentication layers would greatly help in this regard. This is important because some types of application and data might simply not be worth enough for anyone to try and steal them, so they also require little security.
Find the perfect third party security auditing services. We simply can’t take anyone’s word for anything especially is security is involved. Though it could be true that your service provider is a real security expert, it often helps to increase our peace of mind knowing that another supposedly expert party is reinforcing this fact. In short get the opinions of other security experts by having them periodically audit your service.
Security should be front and center in your SLA. When drafting the service level agreement with your provider, make sure that security is being reinforced as highly important. Make sure that there are available auditing tools and reporting functions, otherwise the contract would be useless without any way of assessing how the security is holding up.
By Salam Abdul
He has recently co-authored: Deploying and Managing a Cloud Infrastructure: Real-World Skills for the CompTIA Cloud+ Certification (Wiley).