The Top 5 Cloud Computing Security Considerations

With all the benefits that come to mind when considering using computing as a service from a cloud computing provider, we might do well to review the risks before jumping on board blindly. Some services are well suited to distributed, oursourced provisioning. Others may be more difficult logistically. Some might always be deemed too risky to migrate to cloud computing. Other, bleeding edge firms might determine that the agility surpasses any risk. Let's review the top five security considerations involving cloud computing.

OK, any provider is going to say their systems and services are secure. But how can you be sure? Why would you trust a salesperson's word on it? Be wary of any cloud computing provider that isn't open to an external security audit. If they are secure, they should welcome the validation. Ask if any have been done, and of course have your own audit performed.

Don't just assume that because you hear that the platform holding your company's data is "secure", that it's private and inaccessible by untrusted users. Encryption should be present for communications during user sessions, between application servers and databases and data stores, and the files and/or volumes themselves should be encrypted. It may seem like overkill, but that's what's required for privacy.

An often overlooked aspect of security is this aspect of availability--can you move or transfer your data and the service to another provider when you want to? How will you get your data from the cloud computing provider? How soon will they get it to you if you ask for it? Will they work with your new service provider to expedite the transfer or automate it?

Availability, as we have mentioned, is a critical component to consider. Quality-of-service guarantees made explicit in your Service Level Agreement (SLA) should be examined closely before moving to cloud computing. You may appear to be saving money, but how much would you use if the service was down during your busiest hours? For a day?

The cloud computing model makes such a good case, it may cause us to overlook one component that will always be present and will always need security attention--user PCs. Because the applications and services are available anywhere, anytime, users may be tempted to use any computer available. This is a huge risk. Keystroke loggers or other malware may be on unsecured computers.

For some business needs cloud computing makes enormous sense and can provide performance and scalability that some SMBs could never otherwise achieve. When considering cloud computing, don't gloss over these security considerations--they are always important.