Main Cloud Computing Security Issues
Cloud computing security has evolved and grown in recent years with more and more companies and businesses realizing the true value and potential behind using cloud computing services. Along with the massive growth comes security concerns and issues that must be addressed by all cloud hosting companies. A successful cloud hosting company must diagnose the possible security threats their service will face and they must formulate solutions for dealing with these threats.
One of the biggest cloud security issues revolves around trust between the service provider and the customer. One of the biggest issues a new customer faces is attempting to discern whether the service provider is trustworthy or not. Granted this can be remedied by going with a well-known cloud service provider, but they typically have higher rates than service providers who are just getting started in the business. Insider attacks are common among start-up businesses, and with so much information stored in a typical cloud setting an insider attack could be devastating.
Currently the only legal document in use between cloud service providers and their customers is the Service Level Agreement. This document merely outlines the exact services the provider offers and what services are available to the customer. This document does not disclose services which may be available in the future or ones that were previously available. It is important to review the SLA and ensure both parties agree to the document and sign it before beginning your contract.
Encryption is the process of scrambling information to make it more difficult to decipher if it were to fall into the wrong hands. While this seems like the perfect solution when used in a cloud-based setting, there are numerous drawbacks associated with encryption as well. It takes a massive amount of computer power to encrypt a large amount of data and store it in the database. It takes an even longer time to retrieve the data because all data in the database must first be decrypted, sorted, found and then pulled out. This can cause major delays when large files such as video files are stored in a cloud database.
Naturally encrypted data needs to be “unlocked” so clients, partners and customers can view the information in its natural form. A key is the code or string of text that correlates to each piece of encrypted information and unlocks it. Managing and storing these keys in a safe and secure location is of paramount importance when it comes to keeping the entire cloud database safe and secure.
There are numerous approaches cloud backup providers use for key management. One of the early approaches was to build a separate, local and secured database that stored all of the keys. This worked for a while until the amount of data simply became overwhelming. Another, more efficient system is to use two-level encryption which allows for the data keys to be stored in the cloud along with its corresponding information. Key management is an ever-present security issue for cloud service providers and it’s one that is constantly being looked into and revisited.
Virtual Machine Attacks
Despite the higher level of security associated with virtual machines, attacks are still possible and they do happen, although not as often as on physical machines. Since all cloud information is typically stored in a virtual machine configuration, an attack can put a whole lot of information at risk of falling into the wrong hands. Another problem with using virtual machines is all information is stored on the same machine, regardless of clients. This can create a problem when illegal data, such as child pornography is discovered in the cloud.
Latest posts by Paul (see all)
- Slow-Mo Cam by Lucky Clan out for iPhone 5, 5C and 5S – October 29, 2013
- Mobile Cloud Computing Fundamentals and Challenges – September 10, 2013
- Mirroring Your Cloud Storage – Keeping Data Safe – June 27, 2013