Ensuring Cloud Security
Cloud technology has taken over almost all the organizations networking arena, making an incredible influence in enabling mobility, security, and data safety. Even though the modern cloud security leverages top level encryption techniques, complete security is still a matter of debate. Today, the Cloud computing security techniques encompasses of various security policies as well as control-based technologies designed to adhere to regulatory compliance rules and protect data applications, information, and infrastructure associated with cloud.
Cloud computing security solutions are gaining a faster pace, providing many of the same functionalities as traditional IT security that includes protecting critical information from theft, data leakage, and deletion. For a better understanding, take a look at some of the top cloud security concerns existing in the arena today.
1. Software interface
Cloud software interfaces are not always trustworthy. The Cloud Security Alliance warns the users to be aware while using cloud interfaces, especially third-party interfaces that interact with the cloud services. Depending on a weak set of interfaces and APIs exposes organizations to a variety of security issues related to the information confidentiality and integrity. In addition, it recommends learning the techniques that the cloud service provider uses to integrate security through its services from activity monitoring to user authentication and access control.
2. Data Storage
Encrypting the data when it is on the provider’s server, as well as when using the data stored in the cloud server are other important aspects that have to be considered in maintaining security. Various reports suggest that only a few cloud providers assure protection for data being used within the application. While selecting a service, it is important to ask potential cloud providers how they secure the user data not only when it’s in transit but also when it’s on their servers and accessed by the cloud-based applications. In addition, make sure that the service provider securely disposes all the data when not required.
3. Data transfer
All the data that travels within the network or between the organization's network and the cloud server must be encrypted. Especially, the data traffic between cloud and the organization should be passing through a secure channel for better safety. Make sure that when connecting to the provider the URL begins with ‘HTTPS’—Hypertext Transfer Protocol Secure— the secure version of HTTP. Moreover, all the data should be authenticated and encrypted using standard protocols such as Internet Protocol Security (IPsec).
4. Access Control
As in organizational environments, there are several users accessing the data stored in cloud, there should be personal access control techniques for ensuring safety. All the uses should be allowed access to only the data that the user needs and has to be categorized. Access should only be allowed based on user designations or the data sensitivity.
Cloud computing offers small to large businesses numerous benefits with data storage, and analytics. The CIOs should address cloud security issues with the service provider before entrusting data to the server and applications. For the best results, make sure that these security challenges are thwarted even from the first time the organization is connected to cloud.
By Nancy S. Wolk, CIO, Alcoa - Global Business Services
By John Kamin, EVP and CIO, Old National Bancorp
By Gregg T. Martin, VP & CIO, Arnot Health
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Bryson Koehler, EVP & CIO, The Weather Company, an IBM...
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Lowell Gilvin, Chief Process Officer, Jabil
By Dennis Hodges, CIO, Inteva Products
By Gerri Martin-Flickinger, CIO, Adobe Systems
By Walter Carvalho, VP& Corporate CIO, Carnival Corporation
By Mary Alice Annecharico, SVP & CIO, Henry Ford Health System
By Bernd Schlotter, President of Services, Unify
By Bob Fecteau, CIO, SAIC
By Kushagra Vaid, GM, Server Engineering, Microsoft
By Steve Beason, Enterprise CTO, Scientific Games
By Steve Bein, VP-GIS, Michael Baker International
By Jason Alan Snyder, CTO, Momentum Worldwide
By Jim Whitehurst, CEO, Red Hat
By Alberto Ruocco, CIO, American Electric Power