|Securing the Cloud
The term cloud computing has become ubiquitous in the tech world and even SMB companies are leading the pack to opt for cloud services. Of course they are concerned about the security implications of making the transition to cloud computing.
In fact the perception of threats for cloud computing is diverse. Some CIOs worry that the data is not safe on a cloud as it can be hacked into. Others feel that the cloud service can act as a wormhole for hackers to attack their own networks.
But hereís a newsflash for them. The cloud canít be secured. And if you stop to think about it, is there a need to secure it? Ravi Shankar, CEO of Nevales Networks states that for a SMB business owner cloud computing is attractive from a cost point of view. But he cautions that its security is yet to be proven convincingly.
"SMB owners should focus on how to secure their assets and resources which connect with the cloud and are within their control, as a first step. This ensures they have a more efficient network to securely leverage benefits of the Cloud. There is still some distance to go before Cloud is recognized for safety, till then SMB owners should focus on taking the first step of securing the access points at their end to the cloud," Ravi Shankar added.
One of the compelling reasons that vendors have been using to get their customers to shift their processes to a cloud is the freedom from managing the security of their data assets. When a customer subscribes to a cloud service, the onus of ensuring the security of this data gets transferred automatically to the service provider.
At a time when IT budgets are dissolving, this will come as music to the ears of IT managers and CIOs. But before they pop the champagne they need to bear in mind one fact - just because the service provider is taking the charge for the security of the data on the cloud, it does not mean that they will also take the responsibility that the data complies to various international regulations.
How secure is a cloud?
There is no denying that cloud computing security is considered to be an issue and vendors of all hues are trying their best to come up with ways to make it completely secure. For instance, Nevales provides SMB owners a security services platform which is on demand to connect securely and access the benefits of the cloud. By doing so, the SMB company can protect its own assets and better leverage cloud services.
"We believe that the services delivered from the cloud will be extremely compelling for SMB owners in the near to medium term, given the investments in this space continue to be significant and that customers will be made very attractive offers at throwaway price points. A first step to this will be for the SMB to ensure his connectivity with the cloud," Ravi Shankar points out.
One of the reasons why cloud computing is throwing up challenges for security is because the data resides on a single service providerís cloud and can be accessed through various shared computing sources.
The Cloud Security Alliance (CSA) was commissioned by HP to conduct a research to detail the potential threats surrounding the use of cloud services. This resulted in the research paper, "Top Threats to Cloud Computing Report", where information security experts across 29 enterprises, solution providers and consulting firms shared their feedback about cloud environments.
This survey highlighted the following as the leading threats for cloud computing:
- Abuse and nefarious use of cloud computing
- Insecure application programming interfaces
- Malicious insiders
- Shared technology vulnerabilities
- Data loss/leakage
- Account, service and traffic hijacking
- Unknown risk profile
In the end, to be able to fully leverage on the benefits of cloud computing it is essential that organizations invest the right resources to appropriately secure their data assets. The cloud service providers will definitely do their bit to ensure that the right levels of security is built into their service models. But customers too need to realize the security implications associated to cloud services before they shift the processes to it. After all, it is always better to be safe than sorry, especially where data security is concerned.