How Do You Measure Security and the Cloud?

How Do You Measure Security and the Cloud?
Page content

How Is the Cloud Different from the Internet?

Simply put, the Cloud provides services to enterprises whereas the Internet does not. The Cloud has data centers that act as final destinations, but the Internet is an open highway where there is no final destination. The goal of Cloud services is to allow companies to have access to the latest technologies but not necessarily buying them. This could be software or hardware based. The Cloud offers a business the opportunity to run programs, save files and perform backups to the Cloud services. Data centers are at the heart of the Cloud because that is where the enterprise data is processed or saved. It is important to know about the elements of security and the Cloud.

By contrast, the Internet can offer some of these services, but when it does they are disjointed. In effect, the Internet functions to direct individuals to websites, but these are not data centers. You can store files on the Internet, or run programs from there using specific sites that you have contracted with to perform these duties. However, those operations are separate and specific to certain web operations and not the main ones for the Internet . More information on the Cloud can be found at The Advantages of Cloud Computing.

Security, Hack Attacks and Data Centers

So, everything sounds good. However, it is not. Security hacks have occurred at Microsoft, Google, Microsoft and Amazon. Microsoft cloud services were hacked in December 2010. A compromise occurred when non-authorized users downloaded data, contained within the Business Productivity Online Suite (BPOS).

Google was hacked back in January, and e-mail data was compromised. The debate that ensued was whether the attack really compromised its data center. The argument against it was that that social engineering, not network intrusion, was at the core of the attack. The hackers presumably gained information about the network by talking to people, not by using special hacking tools.

In April 2011, Amazon lost its data center. At this point the problem appears to have originated with a loss of power. However, later in the month, the Sony PlayStation network went down and some believed that hackers created legitimate accounts through the Amazon EC2 service, and that allowed them to access the PlayStation system. The hackers staged their attacks on Sony via Amazon.

These incidents play up the notion that Cloud services can be hacked by anyone. Some can come from social engineering avenues (Hey, I’m here to fix a server, what’s the password?), others taking advantage of power outages to create fictitious accounts, or even when there were openings available that the provider didn’t even know existed. For additional information about data centers see Data Center Physical Security Checklist.

Is Security Possible?

First, is security taken seriously? Apparently not: While the Cloud has many features that make it a valuable alternative to companies who want the latest technology but cannot afford it, a recent study by the Pomeron Institute identified some troubling aspects about Cloud security. The troubling part was that security was a low priority for cloud service providers and, so, for their customers. A substantial number, 73 percent of U.S. service providers, said in a survey that their cloud services did not substantially protect and secure confidential or sensitive information. Two-thirds of U.S. providers were unsure whether their solutions meet the customers’ security requirements.

Secondly, monitoring the data centers and protecting against breaches can be costly and time consuming. This becomes a problem because it makes cloud operations more expensive for the customer, thereby undermining the cost reduction argument of the Cloud to begin with.

Then, consider the problemabout who is responsible for data security on the Cloud. Some say that it is the Cloud provider; others say the users; and then some say a combination of the two. If the data center is compromised, and data is stolen that is not encrypted, whose fault is that–arguably both.

Too Many Services

There are over 150 enterprises now offering Cloud services. This allows companies that are unable to upgrade their existing technology to get access to the latest hardware and software technology by leasing it using Cloud service operations. This can be a boon to companies because it costs less to operate the latest systems than to them. But the downside is that the data centers that host the hardware and software are vulnerable, and if they go down, this can affect many companies.