Do your kids know more about the “cloud” than you do? The word gets thrown around like it’s a necessary appliance in the house – like a refrigerator or a toaster. It’s great that the kids know to store their pictures, videos and music in the “cloud”, but what does it really mean to the work force and companies? Surely, cloud computing must be good for more than just storage. What about cloud security challenges? I mean, what does a move to the cloud really mean? A clever woman once commented, “I know my music is up on a cloud somewhere” as she looked towards the heavens. That’s funny, right? Will it be more convenient, less expensive, easier to maintain? What cloud security challenges will there be, and are they easy/expensive to overcome?
The flip side of cloud computing is to retain a locally hosted solution. Software appliances have been around much longer than the “cloud” and certainly still have their place in business. Companies have entire departments in place to research, install, configure and maintain this well-established way of managing data and processes. Bot of these formats can’t be ‘the best way’ to go, and indeed they have very different pros and cons that need to be uncovered before deciding which will be best for your requirements and limitations.
The following is a list of pros & cons for cloud computing, with special focus on cloud security challenges, and overview of how a locally hosted solution deals with the option.
Drawbacks of Cloud Computing – Various Cloud Security Challenges
It is important to know what you are getting into when researching a relatively new topic. There are various areas of the web that discuss the downsides to cloud computing, and these should not be overlooked.
- Data breaches – Among the Top 9 Threats to Cloud Computing is the idea of a data breach. One of the major cloud security challenges is that a hacker can use an opening in one client’s hosted application to gain access to apps and data belonging to other clients as well. Locally hosted solutions have more control over securing access to sensitive resources.
- Other forms of Data Loss – Hosting your data in a cloud computing environment makes a bigger opening for data loss. It could be maliciously deleted, lost by the cloud provider or even lost in disasters like fires, floods or earthquakes. Keeping the data in house allows your company the chance to prevent or mitigate these losses.
- Hijacking – Account or service traffic hijacking is also a prominent worry in cloud security challenges . Cloud computing introduces a new fear in an attacker gaining access to your credentials and then eavesdropping on your activities and processing. Hijacking also opens up your end-users or customers to eavesdropping, data manipulation and redirection to less than desirable sites.
- Indirect Vulnerabilities – Insecure interfaces and APIs used to implement a cloud computing service will leave the provider vulnerable for attack through the interface – or perhaps the user may even have to share sensitive credentials to enable the use of a cloud service.
- Denial of Service Attacks – Denial of service attacks are one of the major cloud security challenges. Through DoS attacks, it is possible for an attacker to bring your hosted site down, or cause it to consume so much processing time that the expense delivers a terrible financial set back to your bottom line.
- Bad Blood – Current or former employees with vengeance or other ill will on their minds. This could be a contractor, previous employee or a business partner. Levels of access to critical systems and data are increasing, and any user with ill will can wreak untold havoc on your systems without proper reporting or auditing available.
- Liability Concerns – Cloud security challenges are not only limited to hacking or data breaches. Not carrying out complete upfront research and design before implementing and hosting a cloud service leaves a company susceptible to additional risks. Poorly written agreements and contracts can lead to liability and transparency issues. Incomplete development efforts will allow operational and architectural issues not seen with standard development projects. Hosting internally with your own requirements, processes and validation techniques should let your IT staff sleep better at night.
- Single Point of Entry – Shared infrastructure, platforms and applications open a cloud service provider to exposing all of its hosted resources through a single weak entry point.
Benefits of Cloud Computing
Of course, there are also many benefits to going the cloud computing route. For a more detailed account, Modern DC Business has a fantastic article on this subject – but some of the highlights are listed below:
- Mandatory Security – Cloud providers are required to be ISO certified and adhere to regular security audits. This effort and expense may not be possible for a smaller company to accomplish for their own on-site system.
- Global Accessibility – Personal laptops get lost. It happens more than you would think. Keeping all sensitive company information in the cloud and not the laptop allows access from any machine. This doesn’t imply that laptops should stop being used, but just the opposite. Laptops won’t be a risk if they are lost when important data is stored “on a cloud somewhere”.
- Backup and Recovery – While one of the major cloud security challenges focuses on data theft/security, cloud computing does make it easier and more efficient to have multiple (and backup) versions of the same resource stored by various methods. The only viable option for local computing is to invest in backup devices and procedures – putting even more responsibility on your already over-worked IT staff.
- Expert Support – IBM’s security maven, Harold Moss, chief technology officer of cloud computing strategy, suggests:
- When companies shift computing tasks to the cloud, they’re on guard. They make sure a good strategy and technologies are in place to protect their data.
- They don’t just move everything at once and treat it all the same. The company, or the third-party cloud service provider, can set up a security regime that’s suitable for the applications they’re moving (addressing many of the various cloud security challenges noted by others).
- A third-party cloud service provider is likely to have superior security technology and expertise than does a company that’s just protecting its own data. That’s because it can spread the cost of security over a number of clients, while an individual company has to shoulder the entire burden itself (This consideration is especially important in the case of small companies).
- MFA – Multifactor Authentication is offered by many cloud providers as part of their service. Many small and mid-size companies don’t have the resources (skills, time, or money) to implement such authentication capabilities on their own. Not to mention, MFA is a must-have for mitigating many of the oft-announced and abused cloud security challenges throughout the modern digital landscape.
- Patching – Security patching is often over-looked by smaller resource challenged companies. Moving to a cloud provider can take that responsibility off of the small company and place it properly on the shoulders of the provider.
- Physical Security – Cloud computing vendors are most likely to keep their systems in facilities that have much stronger physical security controls with meaningful certifications that many smaller companies can’t afford.
Analysis and Response to Cloud Security Challenges
It looks like the biggest benefit to using the “Cloud” for your business’s computing needs is that it affords smaller companies the chance to have the big rewards that come from being able to use the powerhouse applications – chief among them being ID management and collaboration tools. These benefits were once only available to those larger corporations that could afford it – and had big enough IT teams to maintain them. Now the small guys can have this along with automatic backups as well as extended security measures such as two-factor authentication.
The security risks of locally hosted software have been vastly uncovered and are well known. Plenty of cloud security challenges have been uncovered, addressed, and overcome and more are still sure to be found and resolved. Just like anything else, someone has to be the first while blazing the way for the masses.
As a final assessment: There is no right or wrong. However, a well-educated consumer can harvest large rewards from either cloud computing or locally hosted options if they choose properly. If neither option seems like a complete fit, a hybrid solution may offer the perfect mesh of both worlds. After all cloud security challenges aren’t going to go away – security is never perfect – but that doesn’t mean there is no solution out there that can mitigate those challenges in the most beneficial way possible.
What do you think? Let us know in the comments below!