Worried about Cloud Security?
Since the emergence of cloud computing, the term “cloud security” has been somewhat of an oxymoron. The sheer amount of financial and private data in the cloud (of businesses, consumers, employees) is an attractive target for attack. Security risks may not be new or exclusive to the cloud, but the cloud allows for larger attacks. While improving cloud security and privacy is an ongoing battle, we can look to some leaders in public cloud computing services to find some current practices for improving cloud security.
Once data is in the cloud, there must be encryption at all stages: data must be encrypted at rest (in storage) and on the wire (anywhere in transit) to minimize privacy risks associated with data breaches. Google has a policy of encrypting data between its own data centers. New software/service solutions such as cloud encryption gateways offer encryption and tokenization algorithms and give customers exclusive control of the encryption key (and sensitive data) rather than sharing it with the cloud provider.
To prevent unauthorized access to its iCloud servers, Apple now requires two-factor authentication and a login code; it is using fingerprint identification on new products instead of passwords and protecting mobile payments by randomly generating codes for each payment made. Salesforce.com uses two-factor authentication with time-based one-time passwords as well as risk scores whenever login attempts are made. Other risk-based authentication measures such as device authentication, geo-location and user activity are available to mitigate ID theft, data breaches and fraud.
Shared Security Responsibilities
As a cloud service provider (CSP), Amazon details its practices for providing physical and network security and administrative controls up to the hypervisor (virtual machine level) while its cloud customers are responsible for defensive security controls for the guest operating system (including ID and access management), middleware and applications.
Geo-Redundant Storage and Audits
To mitigate loss of public and private data and provide a defense against cloud outages (including denial of service attacks), CSPs should offer a primary and a secondary location (of the customer’s choosing) for redundant storage, backup and failover capability. CSPs should also be willing to undergo a third-party audit and security certification and background checks for developers who write cloud service code, to mitigate risks of insider attacks and theft of customer data.
Bottom line: Don’t have your head in the clouds when using cloud services. Keep up with new challenges and use every security and control measure available—from enhanced encryption to identity-proofing to retention of audit records—to protect data in the public cloud. The information for this article was provided by the professionals at Virtual Technology, who offer Oracle third party maintenance support.
About Dixie Somers
Dixie is a freelance writer who loves to write for business, finance, and women's interests. She lives in Arizona with her husband and three beautiful daughters.