Information Technology Reference
In-Depth Information
Cloud Security and Privacy
“TechInsights Report 2013: Cloud Succeeds. Now What?” is a survey-based report commis-
sioned by CA Technologies. It indicates that according to the respondents, “the cloud has
moved beyond adolescence and is on the path to maturity in the enterprise” (reported in the
Wall Street Journal
,
http://online.wsj.com/article/PR-CO-20130521-906501.html
).
The report indicates that the United States leads Europe in terms of experience in cloud
technology usage. A total of 55 percent of the respondents in the United States have used
the technology for three or more years as compared to 20 percent of European respondents.
The priorities that drive the shift from in-house maintained infrastructures to a cloud
platform also differ. For Europeans, the priority was “reduced total costs,” whereas the
respondents in the United States expressed “increased speed of innovation” and “superior
IT performance/scalability/resiliency” as the top objectives for the shift.
However, security remained a concern. Though most (98 percent) of the respondents
agreed that the cloud met security expectations across infrastructure, platform, and service
architectures, security was cited by almost half of the respondents (46 percent) as a primary
reason for not migrating an application or a service into the cloud.
Probably the biggest challenges faced by cloud computing today are related to secu-
rity, privacy, legal issues, and regulations. Critical voices such as GNU founder Richard
Stallman have often warned that the whole cloud system is full of privacy and ownership
concerns.
www.theguardian.com/technology/2008/sep/29/cloud.computing
.richard.stallman
Security, Privacy, and Attack Surface Area
Security is a contentious and widely debated issue in the cloud computing domain. The lack
of physical control of the public cloud, when compared to complete control over in-house
infrastructure (including private cloud), creates multiple issues for companies dealing with
sensitive data. Physical control gives operators the ability to inspect data links and check
if anything has been compromised. Such issues with control access are incentives for cloud
service providers to build and maintain highly secure infrastructure.
Generally, security issues have been categorized as follows:
Access control policy and secure access to sensitive data
■
Multitenancy and clear policy-driven data segregation
■
Privacy
■
Exploitation through bugs, viruses, and malware
■
Malicious insiders
■
Search WWH ::
Custom Search