Cloud computing has raised quite a few questions with IT management, especially when it comes to securing data housed in the cloud. To alleviate many people’s fears when it comes to data security, Eran Feiganbaum, director of security for Google Apps claimed that data stored in the cloud is often much safer than if it were stored on a corporate network comparing the move to taking jewelry out of a sock drawer and putting it in a bank.
"Cloud computing, when IT software and services are delivered over the web and through a browser, is a paradigm shift, similar to taking your jewelry out of your sock drawer and placing it in the bank," wrote Feiganbaum on Google’s blog.
While these comments drew an avalanche of criticism, citing a glitch in Google Docs and Presentations that inadvertently shared private data with people who the owner of the data had previously collaborated with on another project.
Like securing data on your own network, data in the cloud can be secure because good security is good security, no matter where it exists.
Protecting your data in the cloud is done by implementing:
If data was stored on a corporate network, management would want to know what security controls are in place, to what extent are these controls implemented, and what plans are in place to deal with an attack. Likewise, these questions should be answered sufficiently by cloud providers.
Additionally, it needs to be made clear as to what the provider is responsible for as far as security is concerned, and what the owner of the data is responsible for. According to a report titled Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, (http://www.cloudsecurityalliance.org/csaguide.pdf) "The key takeaway for security architecture is that the lower down the stack the cloud service provider stops, the more security capabilities and management consumers are responsible for implementing and managing themselves." Knowing who is responsible for what can prevent unnecessary finger pointing in the future.
While data theft (confidentiality) and data tampering (integrity) often take the forefront of the security discussion when it comes to the cloud, the accessibility of data should not be overlooked. Consumers need to question what the cloud provider has in place to protect against threats like Distributed Denial of Service attacks that can prevent access to stored data. Another consideration this how backup and recovery is handled by provider to deal with disaster recovery.
When Eran Feiganbaum compared cloud security to bank security, it was based in the theory that like a bank, a cloud provider has the resources to put security measures in place for protection that cannot be achieved at home, or on the corporate network. Like storing valuables in a bank, the owner of the data needs to take responsibility and check out the thickness of the vault, the reputation of the security guards, and the placement of the cameras.