|By Gilad Parann-Nissany||
|February 5, 2014 12:00 PM EST||
I am often asked by skeptics, cynics, doubters, and readers of sensational journalism if they can trust the cloud. Sure, there have been data leaks, hacker intrusions, NSA spies, but can the cloud be trusted with your data?
End of article.
Not really . . . yes, the cloud can definitely be trusted, but that doesn’t allow you to be foolish. Metaphorically, you can trust your Volvo too – but you should still fasten your seat belt. You are still responsible to protect yourself, and in the cloud computing scenario, that means that you are ultimately responsible to protect your data. My advice is this:
Trust the cloud. And take security measures to protect your data.
The level of security (in the form of cloud encryption) needed will depend on what you are planning to use the cloud for.
Individuals who want to securely store files on websites such as Dropbox or Google Docs need a minimal amount of security so that their information isn’t widely available. In recent years, the developers of these services added the necessary encryption to keep the average hacker out1.
For those who want to power applications, databases or tools on a group of computers through the cloud, extra protection is needed since there are more entry points to protect. Companies that want to secure data in the cloud should work with a qualified cloud provider or cloud security vendor who will provide data encryption options to protect against internal and external threats as well as meet industry data privacy rules (PCI, HIPPA, etc.).
If you work with sensitive information that is protected by law or industry regulations, you require the highest level of protection. For example, companies in the healthcare industry must take care to encrypt private patient data in order to comply with HIPAA regulations2. Companies that accept credit card payments must comply with PCI regulations3. For these companies, it is important to understand what the potential risks are and how to secure the data and adhere to the regulations.
So, which security measures should you take?
The CSA (Cloud Security Alliance) has identified a number of challenges to cloud computing security4:
- Data breaches – If a cloud service database isn’t designed properly, a hacker could get into customers’ data.
Solution: Choose a cloud provider that allows maximum control over encryption keys.
- Data loss – A careless provider could lose data due to a hacker or natural disaster. This can be problematic for compliance with regulations as well as customer relations.
Solution: Use encrypted backup where you control the encryption keys.
- Account or service traffic hijacking – If credentials are stolen, a hacker could carry out actions in the name of the company.
Solution: Use two-factor authentication techniques wherever possible.
- Insecure interfaces and APIs – Third parties building on to existing APIs can weaken their security, especially if they require relinquishing of credentials. Solution: Understand the implications and risks of adding layers to APIs.
- Malicious insiders – If credentials are available to multiple employees within an organization, the company is susceptible to malicious insider attack. Solution: Keys should be available only at data-usage time.
- Cloud abuse – A hacker might use the cloud service in order to break a code he couldn’t get into on a standard computer. He might use it to propagate malware or share pirated software.
Solution: Cloud providers must define abuse and determine how to identify it.
- Insufficient due diligence – Companies who don’t sufficiently understand the security issues inherent in cloud computing may unwittingly harm their own security.
Solution: Allocation of resources for education and due diligence before getting started.
- Shared technology vulnerabilities – Cloud providers share platforms in order to save on costs, but this means that when one component is harmed, the others are vulnerable as well.
Solution: a defensive, in-depth strategy, as well as monitoring.
That’s a lot of security measures!
It may seem safer just to stay out of the cloud, but for most businesses, this is likely to be impractical. The cloud can handle a large amount of data at lower cost and increased flexibility. Also, I would be remiss not to note that information stored on desktops is not necessarily secure either; hackers have been known to infiltrate data stored on physical computers and mobile devices as well.
Is there an easy way to protect myself?
Strong cloud encryption makes the cloud a safe environment for storing data (even for the most sensitive, regulated, protected data). Make sure to choose the level of encryption necessary for your data. If your company complies with HIPAA or PCI or handles customers’ private information, pick a cloud provider which uses split-key encryption (aka Homomorphic Key Encryption). This is a system which requires two keys to access data. One key remains under your control as the owner of the data. When this master key is in use in the cloud, it is encrypted, thus ensuring that the cloud provider doesn’t have access to your data and neither does anyone who attempts to hack in. This will ensure safety in the cloud.
This is why I say that you can completely trust the cloud. If you take the proper steps to protect yourself (a split-key seat belt, if you will), the cloud is not a menacing, dangerous place to store data. It is, in fact: scalable, flexible, cost-effective, and a great solution, which can (and should!) be safe and secure.
SYS-CON Media announced today that John Treadway’s blog has exceeded 475,000 page views. John Treadway, Vice President at Cloud Technology Partners, has surpassed 475,000 page views on the SYS-CON family of online magazines, which includes Cloud Computing Journal, Internet of Things Journal, Big Data Journal, Microservices Journal, and several others. His blog home page at SYS-CON can be found at JohnTreadway.SYS-CON.com.
Apr. 18, 2015 09:15 AM EDT Reads: 1,296
SOASTA, the leader in performance analytics, today reported record growth of the CloudTest community, exceeding 30,000 registered users of the CloudTest platform in Q1 2015. SOASTA also announced widespread adoption of its Web and mobile testing solutions, with more than 1,600 customers completing more than 285,000 tests using CloudTest during the quarter. This rapid growth shows that DevOps-driven digital businesses are embracing a more continuous approach to testing, and CloudTest is meeting t...
Apr. 18, 2015 08:00 AM EDT Reads: 969
SYS-CON Media announced today that Blue Box as launched a popular blog feed on Cloud Computing Journal. Cloud Computing Journal aims to help open the eyes of Enterprise IT professionals to the economics and strategies that utility/cloud computing provides. Blue Box Cloud gives you unequaled agility, without the burden of designing, deploying and managing your own infrastructure. It’s the right choice when public cloud just won’t do. Blue Box Cloud is a managed Private Cloud as a Service (...
Apr. 18, 2015 08:00 AM EDT Reads: 1,222
SYS-CON Events announced today that Ciqada will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Ciqada™ makes it easy to connect your products to the Internet. By integrating key components - hardware, servers, dashboards, and mobile apps - into an easy-to-use, configurable system, your products can quickly and securely join the internet of things. With remote monitoring, control, and alert messaging capability, you will mee...
Apr. 18, 2015 07:00 AM EDT Reads: 1,529
SYS-CON Events announced today that GENBAND, a leading developer of real time communications software solutions, has been named “Silver Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. The GENBAND team will be on hand to demonstrate their newest product, Kandy. Kandy is a communications Platform-as-a-Service (PaaS) that enables companies to seamlessly integrate more human communications into their Web and mobile applicatio...
Apr. 18, 2015 06:00 AM EDT Reads: 2,212
SYS-CON Events announced today that BroadSoft, the leading global provider of Unified Communications and Collaboration (UCC) services to operators worldwide, has been named “Gold Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BroadSoft is the leading provider of software and services that enable mobile, fixed-line and cable service providers to offer Unified Communications over their Internet Protocol networks. The Compa...
Apr. 18, 2015 05:30 AM EDT Reads: 2,144
PubNub on Wednesday released an open source template to allow developers to add Skype-like video chat into their apps. The free template provides a fully functional video chat platform using WebRTC, PubNub and Google Authentication for a global, reliable collaboration solution. “While the WebRTC protocol has created huge excitement as a way to deliver video chat ubiquitously, there’s still a gap between the protocol itself and the ability to deploy a working, globally scaled, collaboration appl...
Apr. 18, 2015 01:00 AM EDT Reads: 7,383
The IoT Bootcamp is coming to Cloud Expo | @ThingsExpo on June 9-10 at the Javits Center in New York. Instructor. Registration is now available at http://iotbootcamp.sys-con.com/ Instructor Janakiram MSV previously taught the famously successful Multi-Cloud Bootcamp at Cloud Expo | @ThingsExpo in November in Santa Clara. Now he is expanding the focus to Janakiram is the founder and CTO of Get Cloud Ready Consulting, a niche Cloud Migration and Cloud Operations firm that recently got acquir...
Apr. 18, 2015 01:00 AM EDT Reads: 889
Today, IT is not just a cost center. IT is an enabler and driver of business. With the emergence of the hybrid cloud paradigm, IT now has increasingly more capabilities to create new strategic opportunities for a business. Hybrid cloud allows an organization to utilize multi-tenant public clouds, dedicated private clouds, bare metal hosting, and the associated support and services for the right use cases through an on-demand, XaaS model. This model of IT creates tremendous opportunities for busi...
Apr. 18, 2015 12:00 AM EDT Reads: 3,810
ProfitBricks has launched its new DevOps Central and REST API, along with support for three multi-cloud libraries and a Python SDK. This, combined with its already existing SOAP API and its new RESTful API, moves ProfitBricks into a position to better serve the DevOps community and provide the ability to automate cloud infrastructure in a multi-cloud world. Following this momentum, ProfitBricks has also introduced several libraries that enable developers to use their favorite language to code ...
Apr. 17, 2015 06:00 PM EDT Reads: 1,241
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists will discuss how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations m...
Apr. 17, 2015 05:00 PM EDT Reads: 1,619
SYS-CON Events announced today that kintone has been named “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. kintone promotes cloud-based workgroup productivity, transparency and profitability with a seamless collaboration space, build your own business applic...
Apr. 17, 2015 04:45 PM EDT Reads: 1,451
SYS-CON Events announced today that Stratoscale, the new data center operating system, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Based in Herzeliya, Israel, Stratoscale is redefining the data center, developing a hardware-agnostic, software platform hyper-converging compute, storage and networking across the rack or data center. The self-optimizing platform automatically distributes all physical...
Apr. 17, 2015 04:45 PM EDT Reads: 1,539
of cloud, colocation, managed services and disaster recovery solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. TierPoint, LLC, is a leading national provider of information technology and data center services, including cloud, colocation, disaster recovery and managed IT services, with corporate headquarters in St. Louis, MO. TierPoint was formed through the strategic combination of some of t...
Apr. 17, 2015 04:00 PM EDT Reads: 1,276
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. In his session at 16th Cloud Expo, Haseeb Budhani, CEO and Co-founder of Soha, will share five common approaches that DevOps teams follow to secure access to applications deployed in AWS, Azure, etc., and the frict...
Apr. 17, 2015 04:00 PM EDT Reads: 1,333
SYS-CON Events announced today that Soha will exhibit at SYS-CON's DevOps Summit New York, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Soha delivers enterprise-grade application security, on any device, as agile as the cloud. This turnkey, cloud-based service enables customers to solve secure application access and delivery challenges that traditional or virtualized network solutions cannot solve because they are too expensive, inflexible and operational...
Apr. 17, 2015 03:45 PM EDT Reads: 1,398
SYS-CON Events announced today that Vicom Computer Services, Inc., a provider of technology and service solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. They are located at booth #427. Vicom Computer Services, Inc. is a progressive leader in the technology industry for over 30 years. Headquartered in the NY Metropolitan area. Vicom provides products and services based on today’s requirements...
Apr. 17, 2015 02:00 PM EDT Reads: 1,310
What exactly is a cognitive application? In her session at 16th Cloud Expo, Ashley Hathaway, Product Manager at IBM Watson, will look at the services being offered by the IBM Watson Developer Cloud and what that means for developers and Big Data. She'll explore how IBM Watson and its partnerships will continue to grow and help define what it means to be a cognitive service, as well as take a look at the offerings on Bluemix. She will also check out how Watson and the Alchemy API team up to off...
Apr. 17, 2015 12:00 PM EDT Reads: 1,392
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding bu...
Apr. 17, 2015 12:00 PM EDT Reads: 2,042
With IoT exploding, massive data will transform businesses with opportunities to monetize almost anything that can be measured. In this C-Level Roundtable Discussion at @ThingsExpo, Brendan O’Brien, Aria Systems Co-founder and Chief Evangelist, will lead an expert panel of consultants, thought leaders and practitioners who will look at these new monetization trends, discuss the implications, and detail lessons learned from their collective experience. Finally, the panel will point the way forw...
Apr. 17, 2015 11:15 AM EDT Reads: 1,367