Are You Really Safe on the Cloud?

While advancing the cause of cloud applications, cloud service providers are clouded with security issues which constitute a major hurdle to its spread. In a comment appearing on cloud tech, Ian Moyse quoting the results from (Cloud) Adoption and Trends Survey appearing in ‘Cloud Industry Forums, 2011’ states that 64% single out Data security as THE most important concern preventing their using of it in businesses.

At the same time, he concurs with the views expressed in the article that security per se is not a threat, provided the users adopt to learning  and carrying out due diligence prior to the usage of cloud services. Further, the article quoting research conducted by Comscore and Microsoft in Hong Kong, India, Malaysia, Singapore and USA that the SMBs in fact are experiencing better security in the Cloud than being thought of otherwise . At least one third (33%) of the respondents in all these countries  have expressed  a sense of security while using the cloud applications and in USA the SMBs which use Cloud feel safer than those who do not use. However, reading between lines, we can deduce there is still a significant quantum (40%) of non-users because they still harbor security fears and 67% call for better security standards and demand more transparency in the way cloud operators carry on their businesses. We need to analyze further to arrive at a reasoned conclusion as to we are actually safer on the cloud. This can be done by finding whether these risks can be removed to an extent that they would not affect the users in the coming days.

We are constrained by space to discuss this issue at length but from  this White Paper the very nature of cloud computing services make it vulnerable to security risks which could be in the form of unauthorized access (related to on-demand nature of service), Internet protocol related vulnerabilities (which can be linked to its service being available everywhere (ubiquitous)), data recovery vulnerabilities (related resource pooling nature of services), and metering/billing (related to its measured nature of service).

There are considerable amount of challenges which make controlling these risks difficult if not impossible. As pointed out in the paper under reference, the controls on the network are not sufficient enough to make the users comfortable. Again the ‘key’-management procedures are yet to mature to cater to the needs of cloud infrastructure and finally security metrics are not yet fully adapted to cloud infrastructures.

In the current regulatory environment which is becoming tougher day by day across  nations and all over the world, security issues in so far they relate to accountability, identity and privacy,  are  standing in the way of  advancement of cloud computing. With no clear cut answers so far emerging on critical questions as to who owns the data (for example is it owned by the organization which stores its data or the cloud service provider under whose control the data is stored somewhere in the cloud), controlling security issues is a tough act whereas such controlling is imperative to lure the users to cloud computing. Until this mysterious vicious cycle is broken, we cannot say for sure the users of cloud computing are actually safer on the cloud.

Tagged as: cloud security, cloud service providers, data security, SMB, white paper