Cloud computing is all the rage these days. It’s being hailed as a breakthrough technology that will revolutionize the IT landscape and the way we use the Internet: we won’t be restricted to one device or machine – all our data will be in off-site data centers and we can access it from just about anywhere.
Sounds great but also risky! Concerns have been raised about data security in cloud computing. However, experts defend cloud computing, saying it is not riskier than network computing and businesses might even reduce security risks by using a cloud provider.
“I don’t think that inherently cloud computing represents any more risky application or data environment than for example on-premise applications and data,” said Mike Lee, a security analyst with Wensense an Internet security firm. “It’s a new environment that organizations need to think about a little bit differently and make sure that they are able to extend the same level of control in the cloud that they have on premise.”
So how does Cloud computing work? It is a type of Internet-based computing where services are provided to Internet users through an on-demand basis. Now we don’t need to have our own computers. We just need some sort of a down terminal and by subscribing to a cloud-based service we can get all the computational power we need and store all our data and applications in an off-site data center, according to Bhavani Thuraisingham, director of the Cyber Security Research Center at the University of Texas Dallas.
But with this new technology came new risks and challenges.
“There are a range of security issues associated with cloud computing,” said Thuraisingham. “Security in the physical networks just involves securing the network. But with the clouds there are more things you are doing than in a physical network. You are not only transferring data but also storing data and applications, so it requires more controls.”
According to a survey by Narus, a growing number of businesses are using cloud technology, because “it enables a more flexible approach for deploying and scaling applications, promising real cost savings and agility to customers.” However, a majority of the survey respondents, about 70 percent, were concerned about the security of the cloud.
Joel Friedman, CEO of SurveyWriter a web-based software service provider, said cloud computing has been a central model for his business.
“This model does have some inherent security risks over offering individual shrink wrapped software. But the benefits far out weigh the risks. This type of power was not available with traditional software running on individual desktop computers,” he added.
Dennis Hurst, a member of the Cloud Security Alliance, disagrees.
“I don’t think it’s more risky it depends on the service. There are some cloud providers that are more secure than any company I’ve ever worked with. There are other providers that are not. So it’s very specific to the provider you are using,” said Hurst.
He said the biggest mistake businesses make when signing up with a cloud provider is not assessing their security controls upfront.
“In cloud computing you are trusting an external vendor to provide a certain amount of security. And it may be that service, because of the way, it was designed can’t be secured properly to meet your governance requirements. That’s something you need to look into before you enter the relationship not afterward,” said Hurst.
According to Hurst, some cloud providers provide better security controls than an individual business could ensure on its own. In such a situation it would be less risky for that business to branch into cloud computing.
Thuraisingham, who is working on a joint project funded by the U.S. Air Force, said the cloud computing paradigm which came in late 2006, with Amazon opening its Elastic Compute Cloud service, has progressed tremendously.
Recently, Apple announced it will launch iCloud, a service that allows users to put all their personal data in a cloud and then synchronize it across all of their devices.
However, outage of the Amazon’s cloud-based Web services, in April, – which brought down web sites and services of many businesses for days – sparked debate about the riskiness of cloud computing.
Thuraisingham foresees newer and more sophisticated technologies coming into cloud computing and with that newer security challenges.
“I don’t think we will ever have a hundred percent secure cloud just like we will never have a hundred percent secure physical network,” she added.
However, she feels there is no going back. Cloud computing is the future and just like any other system continuous work needs to be done in order to ensure its security.