Cloud Computing Security Concerns Linger


It is difficult to overestimate the change that cloud computing is bringing to the way organizations organize their IT infrastructures. In-house procedures developed over generations suddenly are obsolete as data is sent into the wide open spaces of cloud computing. While there is great truth in the axiom that sunlight is the greatest disinfectant -- and that clouds are nearer the sun than data centers -- it is important to recognize the security challenges that exist.


Security is one of several cloud-based issues looked at in this NewsFactor piece. The writer advocates the encryption of all data while in transit to and from the clouds. In cloud scenarios, it is not uncommon for network congestion and other events to cause the data to be rerouted. This rerouting, the writer says, can lead the data to hostile territory. In such instances, it clearly is vital to have that data scrambled.


Concerns about cloud computing security generally are focused on what transpires, or hopefully doesn't transpire, on the network. The unfortunate reality is that the network layer is just only one cloud computing security concern. This Securosis post outlines no fewer than four other areas to worry -- and hopefully do something -- about: the service level, the user authentication level, the transaction level and the data level. A thumbnail is given of each. For instance, user authentication becomes a greater concern in a cloud environment because of the increase in endpoint security procedures. The descriptions are sketchy, but the piece serves as a good starting point for those who need a fuller picture of potential cloud vulnerabilities.


Security is high on the list of concerns for cloud computing advocates. This Redmond Channel Partner piece traces those concerns through the prism of Microsoft's launch of the Windows Azure cloud-based operating system. Though the launch is testimony of Window's acceptance of cloud computing, the writer says that the desktop security industry will survive. He describes cloud security challenges and points out that there are inherent incompatibilities between cloud computing infrastructures and optimum security.


A newer form of cloud computing is alleviating a number of the security concerns. Private clouds act like their public cousins but, as the name implies, are not open to the general public. They can serve a single company, organizations that work together or firms that are in some other way logically linked. Among the advantages of such an arrangement is that everything happens in a tightly controlled environment. Thus, the dangers of transporting and storing data in the dangerous and threatening outside world no longer exists. eWeek reports that Dell is among the companies working on the concept and that it can foresee private clouds with companies such as Citrix or VMware.


It is not only vendors who are concerned. Federal Computer Week says the report Liberty and Security: Recommendations for the Next Administration and Congress argues that government standards for storage of sensitive data be reassessed in light of the emergence of cloud computing. The report was written by the Constitution Project, which is a coalition of First Amendment and civil liberties groups.