In our second installment of our cloud computing explanation I will discuss security. This topic is by far the most discussed and of major concern to users and companies alike. No one wants their data compromised or inappropriate accessed. To read the first installment “Cloud Computing 101 – Introduction (Part I)“
Before we get started I would like to answer a question that a reader asked me yesterday. They asked if I could pinpoint the term “cloud” origins. The phrase originates from the cloud symbol used by flow charts and diagrams to symbolize the Internet. It was used to convey the idea that any computer connected to the web has access to a pool of computing power, applications and files. In 1987 the Internet only had 10,000 hosts, by 1989 that number would jump to 100,000. Today the Internet has over two (2) Billion users. The first reported public use of the term was in August of 2006 at a search engine conference in San Jose, California when then Google CEO Eric Schmidt described one approach to data storage as “cloud computing.” So there you have it.
Now let’s get started on cloud security.
Just how secure is the cloud? That really depends on who you talk to. Security is a dicey subject and an ongoing battle between good and evil. Not long ago I am sure you read the news articles about major companies being hacked, Sony with their Play Station database, CitiGroup with the customer credit cards. The list goes on, Amazon, eBay, Exxon, Shell, BP, Visa, Bank of America, Wells Fargo… The hall of shame is large and it is estimated that over ninety (90) percent of all companies have been hacked to some degree.
So first let’s take a look at security in general, shall we. Just by connecting computers and servers to the Internet a company opens a door into its data and that door is an eye-catching target for attacks. If you do not have the latest updates, patches, anti-virus, malware, adware and personal firewall installed on your computer, then you are susceptible to having bad things happen to you, like viruses and worms. When this happens, your computer could then infect other computers it comes in contact with while surfing the Internet. Of course I am just scratching the surface here to define the issue. This topic will be discussed in greater detail in a future post.
Smart users and companies have policies and procedures that are strictly administered. But – that didn’t help Sony, Amazon or eBay, did it. No, unfortunately no matter how big or financially stable a company is, that is not going to protect them. Some people argue that being a big company puts a bigger target on your back. The sad truth is budgets are to blame. Companies have to balance a fine line between profitability and pleasing their user base. I bet you can guess which one is going to come out on top. Traditionally – when I work with companies, two items that they want to cut back on are security and personnel training.
OK – so now let’s talk about Cloud Security. When people talk about cloud security they are either referring to security for the cloud – 1) security that protects their cloud servers and data stored on those servers, 2) security from the Internet such as computers that have been infected. You can basically think of this as incoming and outgoing traffic, it’s a two-way street. Good cloud providers protect in both directions.
Cloud computing has “distinctive characteristics that require risk assessment, such as data integrity, privacy, recovery, and legal issues such as regulatory compliance, and auditing. If these are a concern for you, then you really need to assess your cloud requirements and research the cloud provider in greater detail. There are some things you should consider:
- User Access: Does the cloud provider offer layered access? Several providers offer all or none access. Look for a provider that offers layer of access; meaning not just user control but also folder or file level access. If your provider can offer both of these, then you will have greater control and security of your data access.
- Government Compliance: You are responsible for the security and integrity of your own data, even when it is held by a cloud provider. Make sure your cloud provider has access logs and audit controls so you can know who is accessing your data and when. These should be readily available to you.
- Data Location: When you use the cloud, you probably won’t know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. As I mentioned in the first part of this series, (Cloud Computing 101 – Introduction) you are better off working with a provider that stores your data in the same country you reside in. If you work with a provider outside of your country, you might run into legal issues that you cannot resolve.
- Recovery: Even if you don’t have a recovery (disaster recovery) plan, your provider should. What is it? Also – how does your provider treat your data? Are there backups? What about version control. What happens if you or one of your co-workers or employees accidentally deletes a file or folder? Can it be recovered, and what are the time limits to recover that data? Here is a customer scenario I seen a few times over the years – a disgruntled employee deletes company data stored in the cloud then quits. The company may not realize this immediately. Can you still recover that data? If the answer is no, find another cloud provider instantly.
- Data Segregation: In the cloud your data is typically in a shared environment alongside data from other companies. What architecture infrastructure does your provider employ? Is your data encrypted? How is your data protected while it is “at rest”? Meaning when your data is not being accessed what precautions has your provider taken to protect it.
- Support: What type of support does your provider offer? Will you be stuck reading through their FAQs and help files, or perhaps send an email to their support and hope for a response? Can you contact a live person, if not – are you technical enough to solve your problems by yourself?
In summary – First and foremost, security is everyone responsibility. Everybody needs to be vigilant regarding security. Users need to make sure their computers are updated with the latest patches and anti-virus. Companies need to protect their networks with firewalls and network tools denying unauthorized entry and cloud providers need to validate users accessing their systems and monitor, and then log that access. Cloud providers also need to ensure data “at rest” is protected and they need to have appropriate file structure in place.
In closing – Cloud Computing is meant to be a good thing. It was design to allow us to share and store files, it was also designed to make our lives easier. It allows us the opportunity to spend less on hardware infrastructure, software, updates and staff. Cloud Computing can save you a lot of time and money. But by all means, do your homework and ask questions of your provider.
If you would like, we provide a free technical assessment. This can be beneficial to new and startup companies that are not sure where to start. Raven Cloud computing provides all of the above mentioned services; you can find these at our website here. For the above mentioned sample of cloud servers or online storage, you can find them here.