This page contains a Flash digital edition of a book.
20


Cloud Security Mark Wood


n Other tenants may have their data seized by an- other organisation such as a government. An entire storage rack might be seized, carrying off your data in the process and leaving your company redundant.


To ensure you are properly protected in a multi- tenant environment and that your neighbours do not pose a risk in terms of data loss, misuse, or privacy violation, you’ll want assurance that your informa- tion will not be exposed. Businesses have the right to ask their cloud providers about the policies and procedures they have in place for data isolation. In the wilderness of multi-tenant data, it is imperative to gain a thorough understanding of how your data will be handled and protected.


SHARING THE SECURITY BURDEN Businesses need to understand that although their


data is being hosted by a vendor, this does not obviate the need for them to secure their cloud infrastruc- ture. Clearly the physical security of the server falls upon the provider, alongside a responsibility to guard against cyber threats such as distributed denial of service (DDoS) attacks. But users must assume full responsibility for the data they store and for the ap- plications they run in the cloud. With regards to shar- ing content, the cloud is no different from any other medium. Businesses must still behave cautiously and think carefully about the type of data that they share and who has access to it. As always, data encryp- tion is a must. However, ownership of the encryption keys is important and will determine the strength of protection. In order to maintain authority over their data, businesses must safeguard the integrity and safety of their information by ensuring the keys are only provided to regular parties. Security in the cloud should be viewed as a symbiotic relationship between the cloud provider and the customer. A point to be aware of is that the responsibili- ties of the provider and buyer vary depending on the cloud service. For instance, with Software as a Service (SaaS), it is the duty of the provider to answer ques- tions around data protection and location, third party involvement and the data protection laws they adhere to. With Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) this reverses, and these areas of concern become the customer’s responsibility. Regardless of the service, visibility is key. When it comes to cloud security, it is imperative that busi-


CCI Magazine January 2013


nesses are aware of not only their own role, but also that of the provider and its approach to fulfilling these obligations.


THE EVOLVING COMPLIANCE LANDSCAPE The security concerns associated with cloud also


extend to compliance. As cloud is still relatively new, the applicability of compliance and privacy laws is still evolving. Consequently, achieving compliance within the cloud can be challenging. It is vital that cloud providers and customers keep up to date with the changes in compliance. Once again, security and compliance should be a shared responsibility; if your business gets into legal trouble, the blame is on your organisation, not the cloud vendor. You can shift ac- countability to the cloud provider, but you cannot shift your legal responsibility.


By offering more choice, flexibility and agility, cloud computing is enabling businesses to leverage competitive advantage. However, if security is not made a key priority then the benefits will be jeopard- ised. At the same time, the security challenges needn’t prevent the adoption of cloud services. In fact, moving to the cloud can enhance an organisation’s security because many cloud service providers have stronger technical security controls for the cloud infrastructure than customers can typically provide on their own. Security in the cloud is similar to the security process businesses already know. The only real differ- ence is third party involvement. Consequently, trans- parency must be the security focus in the cloud: the IT manager must be diligent about where their data resides, how it is protected and who has access to it. So long as businesses are aware of this and are al- ready executing an effective layered security strategy, then they can confidently optimise the opportunities presented by cloud computing.


ABOUT THE AUTHOR Mark Wood


Mark is responsible for managed security for cloud services at Dell SecureWorks. He has more than 25 years of experience in the technology community as a software engineer, a sales engineer, a start-up owner and a product manager.


www.cloudcomputingintelligence.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68