I was at a cloud conference last week and “security” was again a top issue for both attendees and developers. Quite frankly, I was surprised. Several days later I read a blog about cloud computing and one of the responders said he thought there were too many security issues with cloud computing and he would not recommend it for his company. I asked him to outline the security issues and he hedged, citing only common problems that any company, whether a cloud company or not, would have, such as a stolen password or an IT security lapse. After several go-arounds, no one responding to the original blog came up with a security problem that could not happen at their own company. So, Cloud Computing does not enable any new security flaws that did not or do not exist in your own company.
I will say that most of us have two overriding fears, the first of which I am reminded of in this quote: “Mr Dillinger,” asked the very brave radio journalist, “why do you rob banks?” “Because,” Dillinger replied, “that is where the money is.” On its own, ACME LLC is a nondescript 800-person company that no data hacker would likely ever know about, let alone try to hack into. But, as part of a cloud-based datacenter, ACME LLC does become an inadvertent target, having put its “money” in the “bank.” I'm thinking any data center looks like a target-rich environment to a hacker.
If a hacker did get into a CSP (cloud service provider) datacenter, it is possible, but not probable, that the hacker could get access to information stored in the data center. But we should consider two scenarios. The first is that the hacker has gained access to ACME LLC’s account through social engineering and, once in the account, “may” (depending on the password received) be able to see all of ACME's data, but most likely only the data controlled by that password. The second scenario is that the hacker actually gains privileged account access to the data center and is able to “roam” around at will. BTW, the Cloud Security Alliance (CSA) lists the top threats to cloud computing here: http://bit.ly/e3opi5, or you can see the CSA site itself: https://cloudsecurityalliance.org/
The second overriding fear is that my data is in a datacenter, who knows where, and if my Internet connection is down I can’t do business. Loss of an Internet connection can be due to things that are out of our control: the cable has been cut (this actually happened to me when a PG&E crew severed the cable while digging), the ISP is down, or a catastrophic event has occurred and everything is down. For these three, there is not much you can do if your company has a single physical location, but let’s look at the difference between your company data center and a CSP data center.
If you host your own data, loss of the Internet and an ISP “may” not affect you, as your data is on your internal servers and network. In this case, the CSP loses to your internal network, but take note that any VPN or Internet clients are out of luck. In the case of a catastrophic event in which everything is down, including your own power, datacenter, etc., the CSP would win because the CSP will have multiple data centers that are geographically separated, and will have multiple ISPs so that if one ISP is down, another picks up. Most CSP data centers have their own backup power and backup systems to enable the site to continue to operate through all but the most trying disasters. Most SMBs, and even larger companies, do not have a data backup that is done in real time, and it would most likely be several days before they were “up and running” with the backup tapes. Most SMBs, and many larger companies, are not prepared to operate during a disaster and do not have their own power supplies and multiple ISPs.
In a major disaster scenario, it would be possible for you to travel outside of the disaster area and re-establish a connection to your CSP, or, if you had a second office, the second office would be able to continue working without interruption. Note that if there were a major disaster, many people would not be working for several days to weeks.
But that is the big picture. What are your security concerns about moving and operating in the Cloud?