Demystifying Top Cloud Security concerns

Demystifying top Cloud Security concerns

Security concerns with the cloud computing environment still loom large among enterprises. This is despite the clout of cloud computing is everywhere from consumers to enterprises. Most of the enterprises agree with the efficiency and economics of cloud computing brings to their organizations.

In this post, we will try to look at the general security concerns for cloud computing. To access the overall cloud security perspective, let's look at two high-level data center security questions.

  • 1. What is the cost and requirements of implementing security in any data center?
  • 2. How cloud computing helps enterprises to solve those problems cost-effectively?

To dive into our goal to demystify cloud security concerns, let's summarize activities enterprises have to consider while security data centers.
  • 1. Firmware maintenance (due to bugs-fixes and vulnerabilities found) and upgrades
  • 2. Operating system maintenance and upgrades to fix OS security vulnerabilities and performance issues
  • 3. Application maintenance and their upgrades to fix application's security vulnerabilities, performance issues and introduce new features
  • 4. Secure data at rest and data-in-motion
  • 5. Securing Access control mechanisms
  • 6. Adopting security standards as per different regulations
  • 7. Monitor whole data center environment 24x7 with trained security staff

These are some of the high-level items that affect the security state of the data center. The last two items in the above list require significant investment and monitoring.  

Read more on cloud computing,
To comply with security standards and regulations such as HIPAA or the Health Insurance Portability and Accountability Act, The Sarbanes Oxley Act, Federal Information Security Management Act of 2002 (FISMA), Family Educational Rights and Privacy Act (FERPA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm Leach Bliley Act (GLBA), investment is considerable. Also, it is a costly affair to train and maintain security staff to continuously monitor the entire data center environment.

The cloud providers such as AWS cloud have adapted to so many security and regulative compliances that are difficult and costly to achieve in a private data center. The same is the case for Microsoft Azure cloud and Google cloud offerings. 

AWS security compliance

Most of the cloud service providers (CSP) also support strong encryption in their environment and it applies to both data at rest and data in motion. They also provide strong backup and restore mechanisms along with identity and access control mechanisms (IAM). Most of the CSP infrastructure is also resilient to denial of service (DOS) or distributed denial of service (DDOS) attacks or we would rather say that CSPs handle the risks posed by DOS or DDOS attacks.

As we can clearly see, there are many security advantages if enterprises start consuming cloud infrastructure compared to in-house data centers. However, enterprises in some sectors such as banking or defense are reluctant to move their infrastructure to the cloud. But this does not stop them from pumping benefits of cloud environment as these enterprises can set up their own private clouds such as OpenStack or Azure stack.

What do you think about cloud security? Is it wise to move to the public cloud or private cloud? Tell us in the comments below.

Note: We at TechSutram take our ethics very seriously. More information about it can be found here.
Mandar Pise Opinions expressed by techsutram contributors are their own. More details

Mandar is a seasoned software professional for more than a decade. He is Cloud, AI, IoT, Blockchain and Fintech enthusiast. He writes to benefit others from his experiences. His overall goal is to help people learn about the Cloud, AI, IoT, Blockchain and Fintech and the effects they will have economically and socially in the future.

No comments:

Post a Comment

    Your valuable comments are welcome. (Moderated)