Cloud Security at a Glance

Think about Cloud Computing and the words which will strike across your mind immediately will be expeditious momentum. Yes, of course, cloud computing can be easily associated with these terms as it is gaining expeditious momentum in this techno era and is picking up traction with businesses.  This technology is definitely achieving great heights and is the latest buzz in the IT world. It has revolutionized the technology when it comes to provision of  service,  because Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a metered service over a network. Cloud computing is definitely the need of the hour in this information age as it enables computation, data access, software and storage services that do not require end-user knowledge of the physical location and configuration of the system that delivers the services. Cloud Computing has also enabled the business organizations to cut down on their expenditures and in turn helps in proliferation of revenue. Cloud computing has enabled the organizations to achieve the set targets in an efficient manner. But the big question that creeps up is how safe and secured is the data on cloud as this generation next technology does not come alone, it entails unique security risks rather. That is why it becomes imperative for us to know about the security risk that cloud technology brings along. Here goes the analysis.

As per Gartner, here are seven of the specific security issues Gartner says customers should raise with vendors before selecting a cloud vendor.

1. Privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical and personnel controls" IT shops exert over in-house programs. Get as much information as you can about the people who manage your data. "Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access," Gartner says.

2. Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are "signaling that customers can only use them for the most trivial functions," according to Gartner.

3. Data location. When you use the cloud, you probably won't know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers, Gartner advises.

4. Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. "Find out what is done to segregate data at rest," Gartner advises. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. "Encryption accidents can make data totally unusable, and even normal encryption can complicate availability," Gartner says.

5. Recovery. Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. "Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure," Gartner says. Ask your provider if it has "the ability to do a complete restoration, and how long it will take."

6. Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing, Gartner warns. "Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible."

7. Long-term viability. Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event. "Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application," Gartner says.

As per Greg MacPherson, Contract Senior Security Engineer at Russell Investments, Greater Seattle Area, USA, cloud computing entails many security risks. He elaborated that if you have data that is (a) static, that you (b) don't care about replacing, and (c) that doesn't impact your ability to do business (training videos come to mind) then by all means shove it out into the cloud and save yourself some bandwidth and storage costs.  On the other hand, if you care about the confidentiality, integrity, availability, security, reliability, legality, control over, or validity of your data - don't do it. Cloud in too many cases is nothing but a smokescreen for poorly implemented infrastructure.  The cloud is really sky writing. It says “Caveat Emptor” – but too many people are not educated enough to know what that means, so they rush ahead blindly where wiser men fear to tread. If you want to retain control over your information, stay out of the cloud.

Pradyumn Lavaniya, Director - Private Cloud, Microsoft India.

Microsoft has been a provider of cloud computing services since 1994, and today manages over 200 online services, including Windows Live Hotmail, Messenger, and Xbox Live. Microsoft has the experience, knowledge, and existing policies to help ensure the data stored in the cloud is safe and protected. A core company tenet is Trustworthy Computing - a long-term, collaborative effort to create and deliver secure, private, and reliable computing experiences for everyone. Microsoft formed Trustworthy Computing in January 2002, when Bill Gates committed the company to fundamentally changing its mission and strategy in the key areas of Security, Privacy, Reliability, and Business Practices.

Microsoft is dedicated to providing people with a trusted cloud computing experience. As part of this commitment, Microsoft ensures that the people, processes and technologies the company employs provide secure, reliable and privacy-enhanced experiences, products and services. For example: 

•Security and privacy are the foundation upon which all Microsoft products and services are built. All company products and services are designed and built from the ground up using Microsoft’s Security Development Lifecycle (SDL). This is a holistic and comprehensive approach for writing more secure and privacy-enhanced code which helps develop products that are more resistant against malicious attacks. 

  

•Microsoft’s cloud operations are reliable and enable individuals and organizations to better protect sensitive information. To provide secure operations for our customers, we’ve invested billions in designing our datacenters to internationally recognized standards that comply with regional laws, as well as our own stringent security and privacy policies. 

•Microsoft mobilizes significant global resources to respond quickly, comprehensively, and effectively to unexpected incidents. No matter how secure we make our products, or how secure and reliable our datacenters are, unexpected situations  may occur. If and when they do, Microsoft is ready to take swift action. Our customers trust us to protect their data and  deliver a reliable service. But they also trust us to be able to deal with the unexpected – from natural disasters to  emerging security, privacy or reliability threats – quickly, effectively and comprehensively.

Effendy Ibrahim, Internet Safety Advocate and Director, Asia Consumer Business, Symantec

At Norton, we’ve realized that consumers no longer live in a PC-centric world. The cloud has enabled consumers to access their private information through the internet on a variety of connected devices, such as tablets, laptops and smartphones. Just like it is becoming an important part of the digital experience for consumers, the cloud is also a key component of our products – from delivering more effective protection to a better user experience.

  

For example, our unique reputation technology leverages cloud-based intelligence to detect new, never-seen-before malware. Without ever having to ask the user, Norton can infer with an extremely high degree of accuracy the likelihood of an unknown application being good or bad, and deliver this to all users through our cloud-based infrastructure.

With the launch of the latest Norton 2012 products, we’ve expanded our cloud technologies to enable the richest Norton user experience with the Norton Management capabilities as well as Identity Safe online vaults.

Norton Management helps users who manage security on more than one device for themselves or for family members. It’s a feature that goes well beyond the software sitting on the local computer and takes things into the cloud. Norton Management makes it simple for people to easily manage their Norton products for the entire family from a single place, without requiring physical presence at each computer.

•Remotely add and remove Norton products on all their PCs

•Manage and fix basic Norton security settings on any PCs

•Remotely update their subscriptions and manage their license keys

Norton Identity Safe keeps all your passwords in a password- and encryption-protected data vault in the cloud. It also secures your login information and automatically logins you into a web site. Compatible with millions of websites that people visit every day, you can sync your IDSafe vault when you want to use multiple computers. With the Norton account login, you can automatically update and synchronize your personal information whenever you access it from a different computer.

Amit Nath, Country Manager India and SAARC, Trend Micro

We intend to foster education and transparency of emerging and innovative technologies supporting best solutions for Cloud Security; keeping into consideration various security issues. We are focusing on serious breakthroughs and trends in cloud computing and security, and of new cloud-related security capabilities.

Conclusion

To sum it up, it can be said that Cloud computing is definitely gaining foothold these days but having the proper knowledge before switching to a cloud network so as to deal with security issue is certainly the need of the hour. Moreover, security is a concern in cloud, but the more the cloud develops (which it is at a rapid rate) the better the security solutions that will be offered as a result of the high demand.