Cloud computing security has gotten a lot of attention during the past few weeks. The stakes, of course, are high: It is essentially impossible to utilize the concept, which focuses on using resources of various sorts that are hosted on the Internet instead of at the corporate data center, without putting vital data in harm's way. All of the potential advantages are obviated and the idea will fade to niche status if these security questions are not answered to IT departments' satisfaction.
Datamation lays out some of the essential issues. Cloud computing is evolving to the point that an organization is trusting a chain of providers. Like any other sector, cloud vendors outsource bits and pieces of their business. Thus, the decision isn't whether to trust just the primary vendor; it's whether to trust its judgment and its partners.
The writer references a Gartner study on cloud computing that suggests that companies must be aware of the risks of cloud computing before committing to it or passing it by. The story describes nine security concerns (privileged user access, compliance, data location, data segregation, availability, recovery, investigative support, viability and risk reduction support) and Gartner's ideas on handling them.
Indeed, understanding the risks as well as the benefits is key to a prudent decision on cloud computing. For instance, according to Network World, companies often don't build in redundancy to their cloud infrastructures. Cloud computing often is compared to the electrical grid. However, the story points out, companies back up their reliance on the electric grid with generators. Not many do the same thing for computer resources that are outsourced to the cloud. To date, the piece adds, there are no standards in place for cloud security -- and, until they emerge, most of the responsibility will fall to IT departments.
While some folks suggest that cloud computing is at best a security challenge, others see it as a way to improve security. This detailed post outlines immediate and longer-term security benefits from cloud computing. The categories, each divided into a number of subcategories, are centralization of data, better incident response and forensics, more efficient password assurance testing, better logging, improved security software performance, more secure builds and better testing.
BroadDev connects a few dots and creates a picture that won't make cloud proponents happy. The writer says that security is lagging in "securing mobile, state-changing servers." State, in IT, refers to the knowledge the sending and receiving devices retain about the connection. In a stateless connection, bits are sent without a record being kept. The writer extrapolates issues he has with problems of state in virtualized environments to cloud computing. The takeaway for a non-engineer is that there are tremendous security issues that experts are only beginning to ponder.
DevCentral echoes calls for businesses to proceed cautiously. If the cloud is infiltrated, it says, all the data within is vulnerable. The writer suggests full application security from layer 2 to layer 7 of the Open System Interconnction (OSI) Protocol Stack. The emphasis should be on keeping as many dangers out of the cloud as possible, not finding them once they are there.