Cloud computing security is concerned with protecting the data, applications and infrastructure of cloud computing service. Security issues associated with the cloud come from two broad areas: those faced by the cloud service providers, and the issues faced by their customers.
Organizations use the cloud in different service models which can include SaaS, PaaS and IaaS. Deployment models for the cloud include private, public and hybrid versions. The provider must see to it that their clients’ data and applications are protected and the infrastructure they offer is secure; however, it is still the responsibility of the customer to ensure that the provider they choose has adequate security measures in place.
The top cloud security concerns include:
1. Data loss. Data can be lost in a variety of ways, from a natural disaster to a careless cloud provider or a mysterious data disappearance. Even data encryption efforts can backfire if you lose your encryption key.
2. Data breaches. Virtualization in cloud infrastructure brings unique security concerns, as it alters the relationship between the OS and underlying hardware. The virtualization “layer” must be properly managed, configured and secured. If a cloud service database with multiple tenants isn’t designed properly, a single flaw could open the door to a hacker to access not just the one client’s data, but all of the other clients’ data as well.
3. Account or service traffic hijacking. If a hacker accesses your credentials, they could listen in on all of your activities, manipulate your data and redirect clients. Credentials should be guarded with vigilance as well as two-factor authentication techniques.
4. Denial of service. DoS has been a threat on the internet for years, but it is even more problematic when organizations are dependent 24/7 on the availability of their services. Outages cost time, money and customers.
5. Malicious insiders. Whether it’s a current employee, a former one, a contractor or even a business partner, an improperly created cloud can result in even greater havoc. Even if encryption is there, if keys aren’t with the customer and only available during data usage, any system can be vulnerable to an insider attack.
The advent of the age of the cloud has led to many concerns and considerations about cloud computing security. However, forewarned is forearmed, and businesses that are aware of the potential risks and pitfalls of the cloud will be better equipped to choose a provider who will ensure all areas of security are covered.