Regardless of all the hype concerning the subject, security in cloud computing is not a revolution; rather it's an evolution of the age-old business model of outsourcing. The concept of cloud computing has evolved from the concepts of grid, utility, and software as a service (SaaS), and these models evolved from the application service provider in the mid-to-early 1990s.
The emerging model of cloud computing allows people to tap into a vast network of computers scattered around the world using any type of connected device to analyse an abundance of information on demand. The information resides in massively scalable datacentres, provided by an outsourcer, which are enabled by the maturity of virtualisation technology.
With any outsourcing model, business owners, not service providers, are ultimately responsible for maintaining the confidentiality, integrity and availability of their data. Before embracing any type of outsourcing model, be it cloud or traditional, businesses must exercise best practices to ensure they are working with a trusted service provider who will be gaining access to, and helping protect, sensitive company data. It is also important to note that cloud computing is fundamentally an extension of an organisation's environment, and similar vigilance needs to be in place as it relates to periodic assessments of what information is deemed "safe for the cloud".
Cloud formations
When looking at clouds, there is a need to distinguish between the various cloud categories. While cloud computing is traditionally viewed as an external service provided by a third-party entity, there are other types of cloud environments. For example, a cloud infrastructure that is hosted internal to an organisation is often- referred to as a private cloud. While private clouds do not offer the benefits of reduced capital costs, which is a main benefit of public clouds, they do reduce concerns about unfettered data access. A third option, and perhaps what will become the more common model, is a hybrid cloud infrastructure. In a hybrid cloud, data is segmented between public and private clouds. This can be considered a normal evolution of cloud computing as organisations are demanding that their critical data be protected, and will likely outsource less critical information to public environments, and self-manage their more essential data. Each variation of cloud computing introduces the need for strong security and governance but the metrics used to manage them will vary dramatically.
When organisations begin to deal with multiple cloud environments, particular emphasis should be placed on the areas of identity, access control and audit. One of the most common challenges organisations will face in the cloud is user identity and privileges. Organisations will need to be very diligent in the management of least privileged user conditions. While this represents some overhead, it also offers benefits to organisations in that they are in a better position to address regulatory conditions. Firms should adopt frequent reviews of users and should look at their roles in the organisation in order to properly assign access rights and ensure that ‘ghost users' no longer have access to systems.
Be the first to comment on this article!