Cloud Computing Security

Cloud computing security is a concept that applies to the safety and security of data stored in the cloud, as well as to the protective measures taken to prevent viruses, malware and hackers from gaining access to a cloud-based system.

Security – The Major Concern

For most organizations contemplating moving to the cloud, security is probably the largest concern. The thinking here is that if data is being stored onsite, it is obvious much safer than if it were being stored in a data center on the other side of the country or on the other side of the world. However, this is not necessarily true.

Cloud computing security is a concept that was embraced early on by cloud-based platforms, and is actually quite robust. It encompasses a very wide range of techniques, procedures, technologies and issues, including physical access.

Areas of Particular Concern

There are a few areas in cloud-based data management and access that are of particular concern. These are as follows:

Identity Management – Because cloud-based systems authorize access based on identity, identity management is of crucial consideration. This includes everything from usernames and passwords to biometrics, two-factor authentication and a great deal more.

Access Control – Access control touches on identity management, but goes beyond it. Robust measures must be taken to ensure that access to crucial data is blocked, even from back doors and unlikely exploits of a system.

Privacy – The cloud is a shared resource, which means that privacy is a very important consideration, particularly for sensitive customer financial information, patient medical records, and other similar data.

Common Cloud Computing Security Controls

In an effort to protect data from exploitation, cloud providers should offer several important security controls.

Corrective – Corrective controls allow the mitigation of damage if a breach occurs. One example would be restoring damaged information or corrupted data from a backup copy.

Detective – Detective controls do exactly what it sounds like they would do. They monitor a system and look for intrusions, or for activity that is out of the norm, and then sound an alert.

Preventative – Preventative controls are those that help prevent access to a system in the first place. Good examples are physical and software-based firewalls, but there are many others.

Deterrents – Deterrent controls can be a type of preventative control, or they can be direct deterrents. These controls make it less likely that a system would be attacked in the first place.

Caveats to Cloud Computing Security

While cloud providers do need to strive for robust security, organizations using cloud-based systems cannot neglect their own responsibilities here. Breaches are much more likely to occur from the client side than from the service side, either through successful phishing attacks, or through direct theft of passwords and other identifying elements. It’s crucial that all staff members with access to the cloud system practice good password hygiene, understand the threat of phishing, including spear phishing, and do their part to ensure safety and security.