Case Study: How Secure is the Cloud?
CSQ1: Although cloud computing have the potential to deliver powerful benefits, they pose new challenges to system security and reliability. Cloud computing is indeed cloudy, and due to lack of transparency it creates so many problems. One of the major security issue is cloud computing is highly distributed. Cloud applications and application mash-ups reside in virtual libraries in large remote data centers and server mainly supplies business services and data management for multiple corporate and organizations clients. To save money and keep costs low, cloud computing providers often distribute work to data centers around the globe where work can be accomplished most efficiently. When we are using the cloud, we don’t know where our data is hosted and might not even know the country where they are being stored. The dispersed nature of cloud computing makes it difficult to track unauthorized activity. Virtually all cloud providers use encryption, such as Secure Sockets Layer, to secure the data they handle while the data are being transmitted. But if the data are stored on devices that also store other companies’ data, it’s important to ensure these stored data are encrypted as well. It is essential to understand if and how data can move in and out of the cloud. Having a high-level understanding of the security risks involved also enables businesses to understand which security and risk controls are appropriate to be executed, and to act proactively.
CSQ2: The factors that contribute to these problems are as follows: One way to deal with this is to use a cloud vendor that is a public company, which is managed by law to keep a eye on it how it manages information. Another way is to use a cloud provider that give subscribers the option to choose where their cloud computing work takes place. Even if your data are totally secure in the cloud, you may not be able to prove it. Some cloud providers don’t meet current compliance requirements regarding security such as Amazon, have asserted that they don’t intend to meet those rules and won’t allow compliance auditors on-site. There are laws restricting where companies can send and store some types of information—personally identifiable information or applications that employ certain encryption algorithms. Companies required to meet these regulations involving protected data won’t be able to use public cloud providers. Some of these regulations call as a proof that systems are securely managed, which may require confirmation from an independent audit. Large providers are unlikely to allow another company’s auditors to inspect their data centers. Microsoft found a way to deal with this problem which will be helpful. Microsoft does not give every customer or auditor access to its data centers, but its compliance framework allows auditors to order from a menu of tests and receive the results. Agreements for services such as Amazon EC2 and Microsoft Azure state that these companies are not going to be held liable for data losses or fines or other legal penalties when companies use their services. Both vendors offer guidance on how to use their cloud platforms securely, and they may still be able to protect data better than some companies. Salesforce.com had been building up and redesigning its infrastructure to ensure better service. The company invested $50 million in Mirrorforce technology, a mirroring system that creates a duplicate database in a separate location and synchronizes the data instantaneously. If one data- base is disabled, the other takes over. The company distributed processing for its larger customers among these centers to balance its database load. CSQ3: Cloud...
Please join StudyMode to read the full document