The cloud is one of the most widely used ways of storing information today because it is must cheaper and uses less physical memory space than storing things on a PC. However, unless the proper security measures are taken, it can also be very dangerous—a source of malicious malware and all those other horrible things that destroy hard drives. With the cloud the danger is singularly great because of the altered relation between the operating system and the hardware on which it runs. Read on for a description of how to maintain security in the cloud.
1) Types of cloud security issues
There are two groups into which almost all cloud security issues may be placed—those faced by the cloud providers, and those faced by their customers. Both sides are obligated to see that it is secure cloud services that are being provided. In general ProfiBtricks cloud providers have implemented data recovery plans so that any data that is lost can always be rescued from the virtual grave. They also have business continuity systems which, like the data recovery plans, may be reviewed by their clients.
Many criminals make a living out of detecting weaknesses in cloud systems and taking advantage of them. The incidence of such crime will likely increase in the future as cloud computing becomes more and more popular. Stakeholders can lessen the chances of becoming victims by having the system encrypt the data that they store in order to protect it, something they can do by making heavy risk assessment investments.
2) Privacy
Privacy is also a major issue in cloud storage. The savvy user wishes to know if the files that he is storing are accessible to anyone else, such as the administrators of the cloud service he has chosen.
Both public and private clouds exist. Public clouds, such as those offered by Amazon, Google and Microsoft, can be used by everyone and is either entirely free or financed on a pay-per-use basis. Private clouds, which are much more difficult to create and maintain, are set up for the exclusive use of a particular company.
3) Regulation
Numerous acts have been passed through the Congress with which all cloud companies must comply. These include the following:
- FISMA (the Federal Information Security Management Act of 2002)—establishes minimum security requirements that federal information systems have to meet; sets up Security Content Administration Protocol (SCAP) as a method of testing compliance with this law
- HIPAA (the Health Insurance Portability and Accountability Act of 1996)—passed to prevent health care abuse and fraud and encourage hospitals to use the electronic data interchange provides for a system of national identifiers for health care workers and insurance companies
- SOX (the Sarbanes-Oxley Act of 2002)—sets the standards for management firms and for public company boards and accounting firms; establishes corporate responsibility and sets the penalties for fraud involving the alteration of financial records
Similar laws have been put into effect in other countries, such as the Data Protection Directive in the European Union. Many nations have passed laws similar to SOX. Certain types of companies also have special regulations that apply to them. For instance, the credit card industry has PCI DSS (the Payment Card Industry Data Security Standard), an “information security standard” for all companies that deal with debit and credit card information.
Laws are also in force that require cloud services companies to make electronic records in a given format and made available to the general public.
4) Organizations
Various organizations devoted to finding and solving cloud security issues have sprung up everywhere. cloudsecurity.org is a blog site that deals with the subject. The Cloud Security Alliance provides education leading to a Certificate of Cloud Security Knowledge (CCSK). They offer training in three areas within the field, including PCI DSS.
ProfitBricks cloud computing software security has been an issue in the computer world for over forty years—long before there was a World Wide Web. Now everyone has to take care when performing any activity online lest bad things happen, such as identity theft. He who takes such care has little to worry about when storing or backing up data in the cloud.