Security for Public and Private Clouds
March 29th, 2011 By: Industry Perspectives
Lucas Roh founded Hostway in 1998 and since then has charted the company’s growth to achieve an international presence. Hostway is ranked as one of the top-five Web hosting companies globally.
According to Gartner analysis, $150 billion in cloud-related revenues is expected by 2013. The move of company data towards “the cloud” is not slowing, and more companies are wrestling with the “is the cloud secure?” question. While those in IT will certainly tell you no environment will be completely secure, there are measures you can take when moving to the cloud to mitigate security risks to reasonable levels. Moving to the cloud can often be more secure than a traditional in-house solution as the industry has invested billions in data safeguards. When choosing a provider, it’s important to look beyond just pricing to the firm’s security protocols.
Security Issues in Public Clouds
In a public cloud environment, the end user has a solution that is highly automated. Customers can put their applications in the cloud and control all of the individual attributes of their services.
The public cloud does not have the visibility or control of a private model. You give up some control over the location of processing when using the public cloud. In a private cloud, you have fewer people sharing resources with more pinpoint control. Managing the security risks of each environment is attainable by following some best practices both internally and externally.
Follow Best Practices
Instituting identity management controls is a crucial first step. You need true randomization with strict adherence by all staff members to password creation protocols. It’s shocking to see how many people still use “password” or “12345” as passwords for even the most sensitive data access points. Using LDAP controls and administering credentials will keep information in one location.
After you shore up your internal credentials processes, you should look closely at your outsourced team. Do they follow your security protocols and conduct background checks and other initiatives that protect and control the flow of your data? Data segregation is vital, especially for public environments. Solution providers need to utilize the best encryption tools to keep your data in a safe and usable state. You also need them to provide their best managed services including firewalls and advanced intrusion detection systems.
Legal Aspects of Cloud Storage
There are many legal issues relating to data storage, especially any personally identifiable information (PII) that you might possess. Even though data is “in the cloud,” it still resides somewhere and rules are in place that dictate where it can travel. Some countries, such as many in Europe, have very strict data security requirements that limit where the data can be stored or moved. Choose a solution provider that knows the rules and can quickly locate your data if needed in order to fall into compliance. According to Gartner research, 40 or more states have formal regulations in place governing how companies can protect PII. You should choose an established cloud solution provider that places system controls on the movement of PII within their cloud network.
Find the Right New Partner and Manage the Existing Ones
With relatively low barriers to entry, many cloud providers enter the market without enough expertise in staffing or technology. You need to ask a potential provider a host of questions that gets deeper into their business, such as who can access and move your data. Will they tell you about any security breaches, or just push them under the rug? Does the outsourced company have more than one location so you can set up a disaster recovery center if desired?
You can negotiate stronger encryption layers and data storage standards within the contract. Beyond the cloud provider, you also need to review any other interrelated SaaS provider and its practices. Your business relies on a variety of outsourced companies that touch your data at different points, so it’s important to be sure there are no weak links when it comes to data management.
Outsourced companies should follow defined password assignment standards that decrease the likelihood of password hijacking. With multi-tenant cloud environments, the risks are greater, and the vendor needs to demonstrate the controls it has put in place to provide some separation between tenants and lower those risks.
It All Comes Together
Achieving the best possible security in both public and private environments requires setting privacy and user access requirements and finding the right solution provider. New tools to store and manage data in the cloud are on the development fast track, and as these tools are implemented, they will give users additional protection to ensure security.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena.