Security Risks in the Cloud

It's an era of mobile broadband, smart phones, and users who manage multiple computers and devices. Hence it makes sense to move email, photos, documents, calendar, notes, finances, and contacts to awesome web applications like Gmail, Evernote, Flickr, Google Docs, Mint, etc. But transferring any data to hosted web applications has its potential pitfalls and risks that get lost in all the hype around cloud-centric systems.

Cloud Computing represents one of the most significant shifts in IT, offering computing functions as a utility with promising innovations we cannot yet imagine. Customers are both excited and nervous at the prospects of Cloud Computing. They are excited by the opportunities to reduce capital costs and the chance to divest them of infrastructure management, and focus on core competencies. What excites them most is the agility offered by the on-demand provisioning of computing and the ability to align information technology with business strategies.

At the same time, customers are also very concerned about the security risks of Cloud Computing and the loss of direct control over systems for which they are accountable. Whether a firm is using Software as a Service (SaaS) version of customer relationship management (CRM) software, creating offsite backups of company data, or setting up a social media marketing page, it's trusting a third-party company with business information.

Although cloud computing can offer businesses significant cost-saving benefits, the service does come with certain security risks. As per Gartner, a leading analyst firm, cloud computing is loaded with security risks. Customers must demand transparency, avoiding vendors that refuse to provide detailed information on security programs. It is very important to understand the qualifications of policy makers, architects, coders and operators; risk-control processes and technical mechanisms; and the level of testing that's been done to verify that service and control processes are functioning as intended, and that vendors can identify unanticipated vulnerabilities.

  • Secure data transfer. All of the traffic travelling within a cloud network traverses the Internet, hence needs to be on a secure channel.
  • Secure software interfaces. Firms should be aware of the software interfaces, or APIs, that are used to interact with cloud services, else risk getting exposed to a variety of security issues related to confidentiality, integrity, availability, and accountability.
  • Secure stored data. Data should be securely encrypted when it's on the provider's servers and while it's in use by the cloud service. According to Forrester, another analyst firm, few cloud providers assure protection for data being used within the application or for disposing of your data.
  • User access control. Data stored on a cloud provider's server can potentially be accessed by an employee of that service provider. Companies should ask providers for specifics about the people who manage their data and the level of access they have to it.
  • Data separation. Every cloud-based service shares space on the provider's servers and other parts of the provider's infrastructure. Unsafe compartmentalization techniques, such as weak data encryption, can give other customers of the service provider easy access into your virtual container.
  • Lesser Privacy Protection by the Law. To search a house or office, authorities need a search warrant. But they don't need a warrant to get to the information stored on a third-party's web servers. Besides, this kind of search can also happen without the company's knowledge.
  • Server Unavailability and Account Lockout. A big benefit of storing data on a cloud server is that the company doesn't need to take back-ups any more. But what happened when servers do go down, and employees are dependent on the cloud for email or to access that PowerPoint slideshow for the big presentation?

In conclusion, although a company should address these security issues with the cloud provider before entrusting its data to its servers, these risks should not be a deal breaker. Cloud computing offers businesses too many benefits, so instead of dismissing cloud computing, business should set strict security checks and measures in place.

 

Leave a Reply