Authorized and Unauthorized Access - Cloud Computing Security Issues
Among the serious cloud computing security issues is - access to data. I call it serious because while authorized people can always access the data, the cloud service provider can also access it. That’s a cloud security breach, if it happens without the client's permission. The third type of access is unauthorized access by third parties. Hackers, in the context of cloud security, are people who are on lookout for confidential data that they can use for personal gains.
I won't say that only the last two types - cloud service provider and hackers - are the only issue. Your own authorized personnel can misuse the data.
This does not mean that you should not trust your employees. There are cases of social engineering where external people befriend your employees and try to obtain data even as the poor employee is assuming that s/he is helping a customer. You need to train your employees to help them avoid falling prey to such tactics.
First of all, you need to have a policy that checks who is accessing the data and what actions are being performed on the data. Using logs will not only help you identify malicious authorized personnel, they also show you unexpected attempts to access data by third parties - the cloud service provider or any hacker. Based on these logs, you can create and modify your cloud security policies.
Note: It may also happen that hackers could target the log files so that no intrusion attempts are recorded. This aspect should be taken seriously while creating your own cloud security policy. It is not a good idea to depend just on the security policies of the service provider.
In short, you should consider a cloud security policy before opting for any computing package. This policy should cover possible cloud computing security issues. It is always better to spend some time researching different cloud issues so that you are prepared.
This concludes my observations of cloud computing security issues. If you wish to add anything, please share it using the comments section below.