Fundamental Elements Of Security

Fundamental Elements Of Security

Cloud security or cloud computing security evolved from information security and includes a wide set of controls, technologies, and policies used to protect the associated infrastructure, applications, and data of cloud computing. It is not related to the cloud-based security software services or commonly referred to as security-as-a-service.

Security issues related to cloud computing can either be security issues experienced by end users or security issues experienced by cloud suppliers. In general, cloud providers must make sure that what they’re offering is secure and their customers’ applications and data are also protected. The client, on the other hand, must ensure that the cloud supplier has the appropriate security implemented in order to protect his data and applications. Because of virtualization, customers of public clouds have growing concerns regarding the clouds security primarily because virtualization has changed the relationship between the hardware and the operating system. Additional concern about the virtualization software, with a tendency to be compromised, makes users wary about the capability of cloud computing to be secured.

In general, cloud computing security fall into three general categories: Contractual or Legal Issues, Compliance, and Privacy and Security. For the contractual and legal issues, end users and cloud vendors have to negotiate about liability, end-of-service, and intellectual property. They must agree about the degree of liability of each party when data has been compromised or lost. They must also agree on how the applications and data can be returned to the client when the contract isn’t renewed. Cloud providers must also take into consideration how the records are kept because there certain statutes which require electronic records to be kept in a certain way. Public institutions which are utilizing the cloud and storage must consider the laws regarding record keeping.

With regards to data and storage to the cloud, there are various rules and regulations which must be adhered to such as the Sarbanes-Oxley Act, the health Insurance Portability and Accountability Act, and the Payment Card Industry Data Security Standard. Cloud computing vendors must be able to provide their users to adhere to such rules and regulations easily. There must also be data recovery and business continuity plans so that service can be maintained in case of emergency and/or disaster. Whatever data is lost must have an assurance that it can be recovered. The clients must be able to review such plans so that they’ll have an assurance that their information is safe with the cloud providers. Cloud computing providers must be able to provide audit trails and logs and such items must be maintained, secured properly, and accessible in case a forensic investigation takes place. The cloud data centers must be maintain in such as a way that they adhere to compliance requirements.

In terms of privacy and security, every user must have his identity management system in order to access computing and information resources. The cloud providers must be able to provide such system to their users. Aside from securing access of data through the internet, the cloud providers must be able to assure their users that the physical servers are all secured and that access to such servers and even user data are all documented. They must also ensure that users can easily access their applications and data when and where they need them. In the production environment, cloud suppliers must be able to secure applications by implementing procedures not only for packaged or outsourced application but also an application security must be implemented.

Lastly, cloud vendors must be able to secure every critical data like credit card numbers by masking and restricting access to such data. Credentials and digital identities must be secured just like any data which cloud providers produce or collect from their users cloud activities.

By Florence G. de Borja

David Gevorkian

Why Web Accessibility is Important and How to Avoid Lawsuits

Why Web Accessibility is Important In today’s digitally driven world, those with disabilities are normally the ones experiencing difficulties when using and navigating the web. This is the prime reason why web accessibility is conceived ...
Patrick Joggerst

Session Border Control as a Service: Faster, More Secure and Dramatically Less Complex Enterprise Communications

Session Border Control as a Service As businesses are increasingly moving to cloud-based unified communications (UC) for improved collaboration and productivity, they must also ensure that their networks and systems are as secure as possible ...
Digital Theft

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications (Updated August 11th, 2020) IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading IT enterprises have been affected by Cross-Site Scripting (XSS) attacks in ...
Flexiant Tony Lucas

There Are Still Opportunities For Service Providers

Opportunities For Service Providers Service providers (SPs) still have a golden, but short-lived opportunity to commercialize the $266.4 billion cloud services market before AWS and others call it “game over.” By being more agile, able to ...
Mark Barrenechea

Information is at the Heart of Your Business

Information Business Even though digital information is evolving at a rapid pace, the world is still document-centric. Documents, whether created by a human or generated by a machine, underpin every operation, communication exchange and innovation ...
Evelyn Min 180x180

The Companies That Know The Most About You

The Tracking Era (Updated: 11.03.2020) Right now privacy is a hot topic on LinkedIn posts, especially as it pertains to compliance with the General Data Protection Regulation. As a board advisor at Universal Patient Key, we've ...