Why the Cloud Is As Secure
Recently, a great portion of hype in the technology sector is related to cloud computing security and reliability. Recent service interruptions experienced by leading cloud services providers like Amazon, in combination with security issues and credential leaks that occurred in services delivered by Sony and Google’s Android operating systems raised questions about the overall security and safety of cloud-based solutions.
There is no simple or straightforward answer to the question whether the Cloud is a secure place for storing data, conducting transactions and maintaining corporate databases. Moreover, one should distinguish between private, public and hybrid clouds used to store corporate data run business applications. Most security experts agree that cloud-based solutions are as secure as offline software and storage products and services that run in a corporate environment, on a corporate server and are isolated from external networks.
Actually, a private cloud i.e. most clouds deployed by enterprises, small and large ones alike, can experience downtime as often as public clouds like those offered by Google and Amazon, for example. Private, public and hybrid clouds utilize infrastructure, hardware and software that is similar to the ones used in corporate private networks; therefore, IT specialists face the same problems in a “traditional” and a cloud environment. Over 200,000 Google’s Gmail users saw their email accounts emptied in a day, loosing emails and other documentation they archived for years. However, corporate users could experience the same troubles should a company server crash, deleting data stored in their corporate email accounts. No one is insured against hardware faults and Google later admitted that the mysterious loss of data occurred due to a combination of hardware and software faults.
The human factor should not be underestimated, too.
Government agencies around the world avoid using cloud services offered by corporate providers because of the risks related to data leaks and data protection in the Cloud. Actually, most reputable providers of cloud services apply strict data and software access policies similar to those implemented by government bodies. On the other hand, data leaks within the government-run companies and agencies occur more frequently than information leaks originating from corporations. If an American sergeant managed to transfer sources to Wikileaks, thousands of classified government cables stored within the U.S. Army computer networks, one should bet that the same can happen to myriads of files and emails stored in public cloud services. The greatest danger is related to targeted attacks and business espionage while individual users should beware mostly of identity theft.
Reliability of cloud services is another issue that should be taken into account. A growing number of providers offer cloud services and products while Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) are now commonly used to reduce corporate costs. Other enterprises rely on Infrastructure-as-a-Service to run their business but in all these scenarios business depends on external resources to run smoothly their everyday operations.
Thus, reliability of cloud products and services is now a major issue while many IT specialists admit they are not convinced in the reliability of cloud solutions deployed within their respective organizations. For example, an enterprise greatly reduces its software licensing fees and payroll costs by deploying a cloud software platform but such a solution can cost dearly if the PaaS provider does not offer an acceptable reaction time in case of malfunctions and service faults.
Once again, the same troubles can occur in a “traditional” software environment where a platform is not supported in an appropriate manner or a company lacks experienced IT staff. Connection and processing speed is also a concern when the issue in hand is cloud computing but this can be subject to a separate article.
In reality, the Cloud is as secure and safe as is a personal computer connected to a closed corporate network, provided that the network is maintained by well-trained specialists and all available and applicable security and safety measures are implemented. No complete security is available in an interconnected environment where practically all devices and gadgets are able to connect to a sort of network.
Apart from imperfections offered by software and hardware, the human factor is still the main threat to security and safety in the Cloud.
By Kiril Kirilov