The exponential increase of the number of cloud computing providers and services over the past few years has logically brought a series of security-related issues, that need to be addressed in order for this form or computing to continue to grow with the same pace.
Anyone who has decided to let a cloud computing provider host their critical data and/or applications with all the benefits from that, needs to be aware of the security threats that lay within.
Simply put, security issues could be divided into two categories, according to their origin - inside or outside the cloud.
Part of external security is the presence of an up-to-date firewall system that blocks external threats from hackers and monitors the credentials of anyone accessing the cloud. However, firewalls are a must these days and all respectable cloud provides keep an eye on their incoming traffic and invest a lot in borderline security, so user data is secure from this point of view.
Another part of external security is the pure physical security of the cloud hardware. Access to the storage area should be tightly monitored equally on all locations where data is backed up.
Internal security, however is a more delicate issue. Unlike large data centres, the internal security within a cloud is a shared responsibility between all the parties involved - provider, users and intermediate third-party vendors.
For instance, application-level security is a client's responsibility. Platform-level security is shared among the user and the operator, while the cloud provider is responsible for physical and external security.
Basically, the deeper level of control within the cloud, the more critical security measures should be.
As the cloud environment is a shared environment, users need to be protected from one another. The main mechanism for this is virtualisation. Despite being the best technique to separate users, not all resources can be virtualised and issues may occur.
No comments:
Post a Comment