According to the 2010, Gartner?s report on cloud computing, almost 75% percent of threats on clouds can be tackled, if a vendor and customer sit together and decide on what kind of cloud security features they want, before deploying. You must ensure you are aware of the possible threats and available features to combat those, before you approach a technology solutions provider for your cloud computing needs.
Cloud Security: Potential Problems and Solutions
Cloud security threats do not arise from technology only; it almost always has human factors involved as well. A cloud network should consist of genuine users only. Some security threats are:
Physical Security threat: Once the organization goes cloud, its information does not remain limited to the employees of the organization. There is a possibility of a physical security breach of the cloud. Discuss the security of the physical machines and access to those machines such that, access to relevant customer data is not only restricted but also documented. The only possible solution for the same is to ensure that all policies related to physical security are implemented. You need to probe into the physical architecture and layouts followed by the vendor.
Insider Malpractices: Going cloud would mean delegating control over the data and infrastructure. This would necessarily mean a threat of exposure of critical business information to competitors and interested parties. Most of the times, this data leakage cannot happen without an insider involved in the process. Possible solutions would be checking the background of involved employees, using secured lines of transfer with authorized ID?s only. This would also mean that the work place shall not allow any kind of paper or storage devices in which data can be pirated. Lastly keeping a log of the employees who handle the data would help in fixing responsibility.
Weak Encryption: There have been cases where data for different organizations have got mixed up because they were on a common cloud. Cloud security should make the data repository impermeable both from outside as well as inside. If data logs are maintained diligently and one adheres to good encryption practices, this would not happen. The access control should also be checked once. If possible, select a vendor who stores data in organizational silos. Looking at the key management system and dynamic keys is also a good idea.
One must also insist on the use of an impermeable firewall. That stops all kinds of attacks and should not allow data flow once it is on the network. Most of the times data should be in read only format and authorization be required for modification of information. Also, avoid cloud security vendors who do not conduct background check for customers.
Visit, Cloudaccess.com for cloud security solutions. They are one of the best cloud computing vendors and have commendable data migration, maintenance and storage practices.