Cloud solutions have gotten a bad rap. They have incredible potential to minimize a business’s IT infrastructure, scale to meet rapid demand, support mobile workers, and cut costs, but they have also gained the reputation of being a risky investment. Many people are just not ready to trust a third party to secure their confidential data.
I read a series of articles regarding the McAfee security meltdown that occurred a while ago. In this piece by InfoWorld, the author blames McAfee’s blunder on its use of cloud computing. He states that there is no way to know that your data is being treated properly… that it is “being guarded by teams of highly trained security professionals, monitored for threats both internally and externally, and that cutting-edge technology is being employed to ensure against pilfering or destruction.”
This article is then countered in a Web Security Journal article by Salvatore Genovese. Salvatore puts forth the valid argument that the author explicitly stated that McAfee’s system is not cloud computing at all, but a reverse model. He also argues that this problem results from nothing more than an error by McAfee.
What these two opposing viewpoints make evident is the fact that there are several hurdles we need to overcome before cloud solutions can reach their potential. First of all, the cloud needs to stop being the go-to scapegoat when bad press hits. We need to nail down the definition of what “cloud” is, and no longer allow it to be thrown around haphazardly. It is only human nature to fear what we don’t understand, and the same goes for the cloud.
The SNIA CDMI standard is another great step in the right direction. This standard fosters interoperability between vendors, so users can easily move their data between cloud providers, and centers around a REST API. This has been a hot topic for some time, and bodes well for users who will experience increased freedom, and less of an API lock-in from vendors.
Ultimately, skepticism of the “cloud” centers around security, and it is imperative that companies contemplating jumping into the cloud clarify with vendors about the various aspects of data security:
-Security in Redundancy– Data is duplicated in various locations.
-Security in Accessibility– Data can be accessed when it is needed as per SLA.
-Security in Transit– Encryption of data during transfer.
-Security in Storage– Encryption of data at rest.
-Security in Segregation– A hack of one account does not mean all are compromised.
-Security at the Physical Level– Data is stored in audited, secure locations of the client’s choosing.
-Security After Deletion– 100% assurance that when you delete data from the cloud, it is truly gone
The cloud is no different than any repository of confidential data… it needs to be chosen wisely. Once that is ironed out, it is difficult to argue with the economics and value of cloud solutions.
Server hardening is a necessary process. And it’s a never-ending one. From the moment you pull the machine out of the box (or create it in the virtual environment), it pays to be thinking about security. But server hardening can do more than keep your machine safe. It will help with performance, and it can […]
According to the FBI, ransomware became a billion dollar industry in 2016. That is right, $1 billion. If ransomware were a legitimate industry, it would be the focus of case studies in every business school in the world as its growth is unprecedented. This growth is attributed to four primary reasons. The amount of money […]
If you went to bestbuy.com and the site was unavailable, how long would it take for you to go to amazon.com or elsewhere to find what you wanted? On average, it’s less than 30 seconds; it used to be much longer, but our society has grown impatient. If you’re not available when customers are looking […]
Redundancy is indispensable in the world of information technology. Of course, redundancy is not welcome in every aspect of life. If your company doesn’t need you anymore and makes you “redundant”, you’ll have to look for another job. Poorly written text may be credited to the Department of Redundancy Department. The concept of redundancy is […]