617.938.6200
When in need of data storage, convenient file sharing capabilities, or expedient IT consultations, individuals and businesses often get nervous when considering the prospect of using cloud systems.
Because “the cloud” is perpetually used as a metaphor for the internet, potential users frequently fear that any privileged information saved to the cloud is simply lingering in cyberspace and is at the fingertips of anyone who seeks it.
Sure there are risks. As seen with any new development produced in the dotcom era, new technology breeds new people who look for ways to manipulate and compromise it.
But cloud security has risen to the challenge as of late. As the popularity of cloud computing and data storage has increased over the last few years, so have the security and privacy measures offered by their respective companies.
Strong cloud security begins with the infrastructure. If the cloud system’s infrastructure is insecure, it puts the confidentiality and availability of all information used via that cloud system at risk. The infrastructure constitutes a cloud system’s first line of defense. This can be enforced by patching servers, configuring firewalls, and placing intrusion-detection systems (IDS).
Data confidentiality and availability can be protected through encryptions and authentication processes. These can include passwords, pass-codes, authenticity certificates, etc. Prices for all of these services may vary from company to company, though the services are all basic necessities for achieving the maximum fortification of any data, application, product, or service.
Amazon offers a great example of cloud defense in the multilayered and multifaceted security structure for its community, private, and hybrid cloud system; Amazon Web Services (AWS). AWS consists of Identity and Access Management (IAM), Multi-Factor Authentication (MFA), and key rotation. IAM allows for the use of multiple users by administrator granted permissions. These permissions require unique security credentials by the user. MFA is the security for account settings and management resources. This requires a six-digit single-use code and an Amazon email ID and password. The code is obtained from an authentication device off of the AWS website. AWS also supports multiple access keys and certificates that can be frequently switched in or out allowing for a convenient key rotation at the user’s preference.
The idea of using a public cloud for services and data storage can be a concern because of the preconceived notion that public cloud security is minimal or even nonexistent. This is hardly the case as public cloud security has come to rival that of private and hybrid clouds. Even though public clouds have a much wider user base, the biggest security risk comes from the potential for the provider’s employees to steal or leak data. They combat this by utilizing on-site security measures like video surveillance. Public systems also use very similar security precautions as private and hybrids such as custom IDS, firewalls, and administrator-granted authentications.
The reality is that cloud security is tight and is only going to advance as time passes. What it really comes down to is the type of service you want and how much you want to pay. Like most any product, you get what you pay for and the same principle applies to cloud services; the more you spend, the more you get. So don’t be afraid to take advantage of the cloud. The security measures taken by providers are excellent and the rewards at the hands of the cloud heavily outweigh the risks.
Sources:
http://cloud-computing.learningtree.com/2012/01/11/compare-cloud-security-to-your-security/
http://aws.amazon.com/security/#features
http://www.smartertechnology.com/c/a/Cloud-Computing/A-Closer-Look-at-Public-Cloud-Security/
http://en.wikipedia.org/wiki/Security_audit
http://en.wikipedia.org/wiki/Load_balancer#Load_balancer_features