Security Risks in Cloud Computing – A Few Words to the Wise

Many companies greatly underestimate the security issues in the cloud and end up trying to protect their servers only with a firewall, if even that. Because the cloud is being approached as a way to save money by reducing hardware rather than by improving efficiency, the idea of deploying security in the cloud is too often overlooked as an expensive and unnecessary luxury. This is heaven for the hackers, who couldn’t ask for anything better than an environment full of servers that aren’t protected.

A decade ago, security was generally seen as a firewall and, maybe, antivirus on the workstations. This is no longer acceptable. Various gateway protections have now emerged. In the meantime, unified threat management (UTM) devices appeared on the market and started integrating all these technologies together. Network security today can be very strong, but too many companies are not adopting the same protections at the virtual level.

For one thing, in the virtual world you can’t install your own device. So you need to use what is available as a virtual solution. 

But most of the other offers, which customers can manage themselves, are just firewalls. And this poses a problem and a risk. A firewall is only a starting point, and definitely not the “entire” security you need to protect a network. You need to install your own open source code, compile it, configure it. Where are the savings when your people need to spend so much time securing everything? And so it happens that security becomes secondary because it is seen as too expensive to be done properly.

What makes matters even worse is the generalized lack of appropriate processes and procedures to deal with the cloud. When you move your data into the cloud, you need to ensure that access controls are as strong as they can be; you also need to reinforce your database even more than when you have it in house; and you need to define very clearly who has access to what and why. The same processes and procedures you use inside your company need to apply to the cloud.

Recent Comments

Paul – good article. Adopting a cloud computing strategy requires that you know your cloud provider. We always recommend that you ask for their data center audit reports and read them. SSAE 16 (formerly SAS 70) is the leading report that should give you a good understanding of the company's security processes – if you ask for it and read it. Companies hosting health care in the cloud should also look for a HIPAA audit report to assure their cloud is compliant with all of the HIPAA and HITECH requirements. At Online Tech, we readily provide our audit reports under non-disclosure so they can be assured of the security, confidentiality and processes we use to protect their data and applications. I encourage anyone considering cloud computing to ask for and read the provider's audit reports to make sure they have addressed the security concerns you discuss in this article. - Mike Klein, President, Online Tech, www.onlinetech.com


Posted By: Mike Klein on Jan 2012