University of Phoenix – CMGT 441
Cloud computing is a fast growing information technology trend that many companies including Google, Microsoft, and IBM are currently looking to get a stake in as demand for the service grows. Cloud computing is the concept of allowing both individuals and businesses to store data and applications on remote servers (owned and operated by a third party company), rather than on their own hard drives and data centers. The service boasts the ability to securely access data and applications from just about any device with an internet connection, allowing for such services as streaming music from a personal collection from multiple devices, and even to business development and storage of applications on remote servers. For the past few years, cloud computing has quickly grown in popularity, and as such, has come with its own set of risks and security concerns. As use of this service grows by both consumers and businesses, it will no doubt continue to attract the attention of hackers and cyber criminals, as it offers a central repository of data that can contain everything from financial statements, to company intellectual property. On 7/11/2011, eweek.com posted an article called “Cloud Computing Security: 10 Ways to Enforce It”, which attempts to give several suggestions on the best way to ensure that cloud computing is as safe as it is convenient.
The articles goes through 10 steps that it claims are sure fire ways to ensure that security in cloud computing is effective. While I think that the suggestions given seem valid and thought out, I found that the lack of details and information left much to be desired. I think that the importance of such a topic, especially as cloud computing continues to grow in popularity and use, cannot be taken lightly, and thus these articles are crucial. The article gives the following 10 steps:
1. Identify the Foundational Controls – These are the core of any company’s security philosophy, and a relatively small number of controls must be identified and considered of upmost importance. This step attempts to ensure that these factors are considered as the company embraces cloud computing. 2. Focus on the Workload – The article claims that an organization’s confidence goes hand in hand with cloud security. Each and every workload should be considered independently, rather than as a whole. This is because each may have its own governing factors. It is apparently more important to focus on the workload than just the cloud service itself. 3. Build Consensus Early – Security in the cloud is a group effort. Stake holders must agree on what constitutes proper security measures, and no security details or risks should be omitted. All parties involved must understand the risks, and come to a consensus as to how they should be addressed, as to not overlook critical variables. 4. Implement a Risk Mitigation Plan – Documentation, education, and training are important features to consider when it comes to cloud security. A proper plan will allow for security issues to be dealt with as they arise, while ensuring little impact to customers. 5. Don’t Forget Image Management – Virtualization capabilities must be given a management process of their own. This helps to ensure that only the right images are available, which seems to be in the interest of limiting potential security flaws in bad images. 6. Conduct a Security Evaluation – Applications, data, and anything being migrated to the cloud should be evaluated for security flaws and vulnerabilities FIRST. Companies may want to consider outside specialists, such as ethical hackers, to test the integrity of all assets being moved to the cloud before putting them there. 7. Take Advantage of Security Services – Companies should look at services that have been created specifically for cloud computing. These can include everything from intrusion prevention,...