The hustle and bustle surrounding cloud computing may make you think that there will be a massive adoption of cloud computing tomorrow. However, many studies have shown that security is the biggest obstacle to large-scale adoption of cloud computing. The reality is that cloud computing is just another step in the way of technology evolution along host, client/server, and Web applications, so it has its own security problems, just like all other phases.
Of course, security concerns do not prevent the use of these technologies, nor can they prevent the adoption of cloud applications that address the real business needs. To ensure that the cloud is secure, it needs to be treated as the next step in technology, rather than as a revolution that requires a radical change in the security model. Security policies and procedures need to be tuned for cloud mode to prepare for the adoption of cloud services. As with other technologies, we have seen some early adopters gradually eliminating the mistrust of cloud models by taking the lead in deploying private clouds or experimenting with non-critical applications in a common cloud.
Businesses and organizations ask a lot of questions and weigh the pros and cons of using cloud computing solutions. Security, availability, and manageability are all factors to consider. This article is about 10 security-related issues that the Organization should consider, and answering these questions helps businesses and organizations decide whether to deploy the cloud and, if so, what cloud pattern should be used-private cloud, public cloud, or mixed cloud?
1. How will cloud deployment change enterprise risk management?
Deploying cloud computing-whether it's a private cloud or a public cloud-means you no longer have full control over the environment, data, or people. Changes in control can lead to changes in risk management--in some cases the risk increases and in other cases the risk may decrease. Some cloud applications will be completely transparent to you, providing advanced reporting capabilities and being able to integrate with the enterprise's existing systems. Such applications can reduce the risk to the enterprise. Other cloud applications may not be able to improve their security configuration to match the existing security measures of the enterprise, thus potentially making security risks larger. In conclusion, the enterprise's data and its sensitive level will ultimately determine what kind of cloud model should be adopted.
2. What needs to be done to ensure that existing security policies are able to accept cloud patterns?
The migration of cloud mode is an opportunity to improve the overall security situation and security policy of the enterprise. Early users of cloud applications will have an impact and help drive security patterns implemented by cloud providers. Instead of creating new security policies for the cloud, organizations should extend existing security policies to accommodate the newly added cloud platform. In order to deploy the cloud, the security policy needs to be considered in terms of the same factors as before: where the data is stored, how the data is protected, who can access the data, what regulations to comply with, and the service level agreement, and so on.
3. Will cloud deployment compromise enterprise compliance?
Cloud deployment can change the risk profile of an enterprise, and thus may affect the ability of an organization to adapt to various regulatory compliance. This requires a reassessment of compliance needs when compliance needs to be associated with cloud deployment. Some cloud applications have strong reporting capabilities that can be tailored to meet specific compliance needs, and some applications are more generic, unlikely, or not adaptable to detailed compliance needs. For example, if a country's legislation stipulates that the data of an enterprise may not be kept outside the national territory, some cloud providers may not be able to meet the regulations because of the location of their data centers.
4. Are cloud providers using some kind of security standard (SAML, WS, ISO, or others)?
Standards play a very important role in cloud computing, because interoperability between various cloud services is essential to ensure that the cloud does not fall into a secure island of patents. Many organizations have created and expanded various standard initiatives to support the cloud. cloud-standards.org lists most of the standard organizations associated with cloud computing, including organizations related to cloud security standards.
5. What if a data leak is to be handled?
When the enterprise plans cloud security, it must correctly set up the plan to prevent data leakage and data loss. This is a crucial point when companies sign an overall agreement with a cloud service provider. Both the cloud provider and the enterprise should develop a disclosure policy or regulatory rules that must be complied with. Companies must urge cloud providers to support the enterprise's informed needs when needed.
6. Who is the responsible party in safeguarding the safety of enterprise data? or who should be considered the subject of responsibility?
In reality, the responsibility for security will be shared by both sides. However, in the opinion of public opinion courts (at least today), it is the enterprise rather than the cloud provider responsible for collecting data, so only enterprises should be considered as the ultimate responsibility of information security. If the agreement between the enterprise and the cloud provider is watertight, perhaps the enterprise may be less responsible, and cloud provider responsibility altogether, but from the Enterprise customer's point of view, the enterprise still can be regarded as the final responsibility person.
7. How do I ensure that only appropriate data is deposited in the cloud?
It is important for an enterprise to know which data is sensitive, to build the appropriate security model based on the data and the key to the application, and to understand what data can be stored in the cloud. This process should start long before considering cloud deployments, as this is a key part of good security behavior. Many companies use data leak prevention techniques to classify and tag data.
8. How to ensure that only authorized employees, partners and customers can access data and applications?
Identity management and access management are pre-existing security challenges that can be magnified in cloud deployments with technical features such as federalism, security virtualization systems, and pre-configured that play a role in cloud security, as they do on today's IT platforms. Extending and complementing the enterprise's existing environment to support cloud deployment will help resolve this problem.
9. How to host the data and applications of the enterprise, what kind of security technology is appropriate?
The cloud provider should provide this information because it directly affects the ability of an organization to comply with regulations. Transparency is important and necessary because it allows businesses to make decisions based on their knowledge of the situation.
10. What factors can an enterprise use to understand and trust cloud providers?
There are a number of factors to consider when evaluating a cloud provider's level of trust. Many of these factors are interlinked with companies considering outsourcing contracts, such as the maturity of providers and their services, the types of contracts, SLAs, vulnerabilities and security policies, the performance records of providers, and forward-looking Strategies.
Moving to a new computing platform is not something that can be decided without careful consideration. The answers to these questions are complex and often leads to more problems. This article also only touches on the cloud platform to consider some of the shallow level of security issues.
In addition, enterprises should be aware that they have the ability to drive the development of security technologies used in the cloud. It should be understood that cloud consumers can, should, and expect them to take on security responsibilities, thus making the cloud a safe platform for real cost savings and productivity improvements.