Top Five Cloud Computing Security Issues
Cloud computing has become widely accepted within large enterprise. The benefits of cloud computing have been widely touted—flexibility for employee workspaces and multiple location businesses, lower IT costs and greater computing strength onsite all make cloud computing a viable option for businesses. Not to mention, keeping all of your data offsite in the cloud increases the safety of your data; a security breach onsite does not jeopardize sensitive data, nor does a system shutdown render you unable to access important data.
However, with these benefits come some major risks. By its very nature, storing data offsite can present some serious security issues, and it is up to businesses and their IT managers to understand these Cloud Computing Security risks and take steps to mitigate them. Cloud security must be taken seriously or businesses could expose themselves to the serious consequences of a data breach.
Some of the more serious security issues that businesses using the cloud face include:
Access to data
Since most businesses use an outside vendor to manage their data within the cloud, paying close attention and limiting those individuals who have access to the cloud and its data. Not only is it important for businesses to carefully control who has access to the cloud internally by developing policies regarding passwords and authentication, but also to develop protocols for regulating who has access to the data on the vendor side. It’s important for businesses to choose a vendor that carefully vets employees and is willing to provide information about who has access to the data.
When your data is stored in the cloud, it’s stored with the data of dozens of other customers of that particular vendor. Without strong security protocols in place to keep the data separate, other customers of the vendor could access your data, whether accidentally or on purpose. Be sure that your vendor takes steps to separate customer data, and that everything is properly encrypted to prevent sensitive or private data from falling into the wrong hands.
Security of Data at Rest and In Transit
Storing data in the cloud is a lot like storing your personal belongings in an offsite storage unit. You wouldn’t put your grandmother’s priceless paintings in a unit in a bad neighborhood with minimal security—just like you don’t want to store your data in a cloud that is vulnerable to hackers and thieves. But securing the cloud doesn’t just mean securing the data when it is stored, waiting to be accessed. It also includes when the data is in transit, after it’s accessed by a user, for example, or when it is sent in an e-mail. Businesses need to ensure that the vendor they choose takes steps to secure data both at rest and in transit, using encryption, user authentication and other tactics.
Location of Data
In addition, you should know the physical location of the servers that are storing your data. In some cases, when data is stored outside of the U.S., it may not be subject to the same privacy regulations as it is in the U.S.—which could mean trouble for your business. Businesses need to be aware of where their data is kept, and ensure that the vendor will adhere to local security standards—and will be willing to disclose who has accessed data and when.
Difficulty Investigating Security Breaches
According to analyst firm Gartner, one of the major drawbacks of cloud computing is the difficulty of investigating security breaches when they do occur. Because so many customers are accessing data from so many locations—and the data is stored in so many locations—pinpointing exactly where the breach occurred might be impossible. However, when engaging the services of a vendor, businesses need to get a contractual commitment that the vendor can, and will, perform investigations and have successfully located security breaches in the past.
Perhaps the most important step any business can take to ensure security when choosing a cloud vendor is to demand transparency. Ask questions about risk management, the steps that have been taken to ensure data security and how much testing has been done on the system. Also, how adept the vendor is at anticipating risks and preventing breaches from occurring. Performing this due diligence will protect the business and its data while it takes advantage of the benefits of the cloud.
About the Author:
Jared Murphy is an IT consultant based out of Palo Alto, CA. With his blog he attempts to stay at the forefront of the IT security field and share the knowledge he has gained from his 15+ years’ experience with his followers. He also enjoys making sushi and exploring dog parks with his terrier, Bud.