
How to avoid security pitfalls of Cloud Computing?

Steve, CTO at Secerno, has written a neat article on security around cloud computing.

Demystifying cloud computing

The realities of cloud computing are that it is driven by economics; and reducing cost does not always mean an improvement in security. Securing data isn't an easy task and exposing services and moving data outside an organisation does not automatically make data security easier, it can actually make it more complex. Those adopting cloud computing must remember it is the responsibility of the data owner, not the service provider to secure valuable data.

There are many myths surrounding the security of cloud computing, which need to be addressed to enable businesses to get the full benefits of this technology. Design and implementation of access controls is just as important and easy to get wrong in-the-cloud as it is in any IT system, but exposure to remote attackers is higher in-the-cloud, accentuating the risks. There is a perception that cloud computing removes data compliance pains, however it should be clear that the data owner is still fully responsible for compliance. Furthermore, concentrating several companies' mission critical data in a single location provides an enriched target that will inevitably attract the forces of e-crime. Hackers only have to get lucky once – the cloud must defend the data from all misuse – a tough job!

Cloud computing is not necessarily more secure; applications with years of expert development still contain undiscovered vulnerabilities that can be a risk to data security. There is insufficient evidence that cloud computing providers have got it right yet; nor for that matter, have the organisations in determining and enforcing which users have access to what.

Cloud applications undergo constant feature additions and users must keep up to date with the application improvements to ensure they are protected. This means that users have to constantly upgrade as an older version will not function, or protect the data.


Source

Comments

  1. Wow, where to start...

    Not for nothing, but I'm not sure this article demystified anything other than the fact that re-hashing the same privacy arguments brought forward by SaaS years ago is certainly a new trend.

    I do take argument with this statement however:

    "Those adopting cloud computing must remember it is the responsibility of the data owner, not the service provider to secure valuable data."

    ...actually it's the responsibility of BOTH parties. If it isn't, the folks negotiating your partner contracts ought to look for other work. BOTH parties are stewards of the information and should exercise due care in protecting it.

    Further, it's really odd that somehow the "cloud" means "massively distributed." That's not really the case with most SaaS offerings re-branded as "cloud offerings." There are LOTS of clouds, but that doesn't mean they are interconnected, federated or widely distributed outside of the datacenters serving them.

    OK, I sense a blog post coming...

    /Hoff

