Expert interpretation: Four Safety selection criteria for small-scale cloud

Consider the following security standards: Data encryption, redundant infrastructure, fine-grained access control, and Web application validation. First, Home Office and Small and medium business users need critical applications such as word processing, spreadsheet analysis, and demo tools. They also require e-mail and data storage capabilities for photos, videos, personal data, and small business data. Other tools that they need in the cloud environment include publishing software, annual tax reporting software, point-of-sale systems, and small and medium business accounting tools. How do you protect and recover all of these critical data when necessary?

The cloud provider should ensure that all sensitive data is encrypted. This encryption mechanism prevents the administrator of a cloud provider (such as Google) or an administrator of an Internet provider (such as at&t) from seeing credit or personal data on a storage Area network (SAN) or network attached storage (NAS) storage subsystem. Data should be protected when used in applications and at rest.

Use the redundant architecture within the cloud provider to quickly use and/or recover data. It is vital that e-mail, small business data, tax returns, or personal photos are not compromised, damaged or lost. It should be reassuring to know that the cloud provider's architecture is better than the IT infrastructure that small and medium enterprises are currently able to restore data only. Small businesses often store data on direct-attached storage (DAS) drives or on small NAS drives, which can easily crash. Does it specify who can access my data?

It is important to provide fine-grained access control for cloud customer data. Only small and medium business or home Office users can access data that is their own in the cloud environment. This data should be stored properly so that another person's e-mail or personal data is corrupted and does not affect other people's e-mail or personal data.

In addition, web-oriented applications (word processing, spreadsheets, tax data, and so on) should be validated periodically (once a year) so that we can be sure that our data is not being phishing attacks. This validation indicates that the provider's application is protected against all known network attacks until the end of the year.

At present, Google and Microsoft are small and medium-sized enterprises and Home Office cloud computing field of two big players. Google's Gmail (email products) and Google Docs have a pivotal position. Microsoft dominates the production, updating, and revision of word processing, spreadsheets, and demo tools. Microsoft's product is not a web-based solution. The battle over cloud computing's cake limits the adoption of the entire cloud.

In short, users and small businesses need to have critical applications that have Web user interfaces, so that users only need to use the cloud to deliver their services. Users need cloud based encryption and data recovery. Cloud providers deploy redundant architectures to prevent large-scale failures. Cloud providers must provide fine-grained, user-based access control to determine who can access the data. Cloud applications need to be validated on a regular basis to ensure that network attacks are prevented. Finally, enterprise competition hinders the full deployment of solutions for small office users and small and midsize enterprises in the cloud environment.

Original: Http://www.csoonline.com/article/638914/small-clouds-security-selection-criteria