Textual description of firstImageUrl

Demystifying Top Cloud Security concerns

Demystifying top Cloud Security concerns

Security concerns with cloud environment still loom large among enterprises. This is despite that clout of cloud computing is everywhere from consumers to enterprises. Most of the enterprises agree with the efficiency and economics of cloud computing brings to their organizations.

In this post, we will try to look at the security concerns of cloud computing. To access overall security perspective, let's look at two high-level data center security questions.

  • What is the cost and requirements of implementing security in any data center?
  • How cloud helps enterprises to solve those problems in a cost-effective manner?
To dive into our goal to demystify cloud security concerns, let's summarize activities enterprises have to consider while security data centers.

  • Firmware maintenance (due to bugs-fixes and vulnerabilities found) and upgrades
  • Operating system maintenance and upgrades
  • Application maintenance and their upgrades
  • Secure data at rest and data-in-motion
  • Access control mechanisms
  • Adopting to security standards as per different regulations
  • Monitor whole data center environment 24x7 with trained security staff
These are the some of the high-level items that affect the security state of data center. The last two items in above list require significant investment and monitoring.  

To comply with security standards and regulations such as HIPAA or the Health Insurance Portability and Accountability Act, The Sarbanes Oxley Act, Federal Information Security Management Act of 2002 (FISMA), Family Educational Rights and Privacy Act (FERPA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm Leach Bliley Act (GLBA), investment is considerable. Also, it is a costly affair to train and maintain security staff to monitor entire data center environment continuously.

The cloud providers such as AWS cloud have adapted to so many compliances that are difficult and costly to achieve in private data center. Same is the case for Microsoft Azure cloud and Google cloud offerings. 

AWS security compliance

Most of the cloud service providers (CSP) also support strong encryption in their environment and it applies to both data at rest and data in motion. They also provide strong backup and restore mechanism along with identity and access control mechanisms (IAM). Most of the CSP infrastructure is also resilient to denial of service (DOS) or distributed denial of service (DDOS) attacks or we would rather say that CSPs handle the risks posed by DOS or DDOS attacks.

As we can clearly see there are a lot of security advantages if enterprises start consuming cloud infrastructure as compared to in-house data centers. However, enterprises in some sectors such as banking or defense are reluctant to move their infrastructure to cloud. But this does not stop them from pumping benefits of cloud environment as these enterprises can set up their own private clouds such as OpenStack or Azure stack.

What do you think about cloud security? Is it wise to move to the public cloud or private cloud? Tell us in comments below.

By Mandar Pise

Opinions expressed by techsutram contributors are their own.

No comments:

Post a Comment

    Your valuable comments are welcome. (Moderated)


Instagram