Cloud computing has metamorphosed from being a niche concept to one of the fastest growing segments in the IT industry. According to Gartner’s report on cloud services, End-user spending on public cloud services is expected to record a compound annual growth rate of 17.7% from 2011 through 2016. While cloud computing helps businesses become more agile and cost-efficient, it comes packaged with an assortment of challenges. Paramount amongst them is the safety and security of the data in the cloud. This is even more significant in the wake of incidents like the infamous NSA leaks by Edward Snowden. Data security is in fact considered the biggest hindrance for faster cloud adoption.
All the three cloud service models – Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) pose their own set of data security challenges. SaaS accentuates the need for better authorization controls in applications. Security considerations for PaaS include strong access and authorization controls and storage and data security. IaaS forces IT administrators to design a foolproof IT governance framework, so that resource misuse can be prevented.
Some of the key data security challenges in the cloud are:
1. Protecting Intellectual Property from nefarious attacks.
2. Compliance with government regulations(e.g, ITAR, HIPAA etc)
3. Multi-tenancy
4. Protecting data at rest
5. Protecting data in transit
6. Insecure Interfaces and APIs
7. Data breach notification
8. Data residency
9. Auditing, Reporting and Compliance
10. Monitoring data in the cloud
11. Malware infection
12. Data retention and secure disposal of data
13. Encryption Key Management
14. Data uptime
The Cloud Security Alliance (CSA) conducted a study on vulnerability incidents between 2007 and 2012 and found that ‘Insecure Interfaces & APIs’ accounted for 29% and ‘Data Loss & Leakage’ accounted for 25% of all threats reported. What is even more interesting in this report is that the cloud service providers did not reveal the causes of the outages in 25% of the cases. This lack of standards in SLAs for cloud services makes selling cloud services all the more difficult. But all is not lost yet. There are tools and best practices that can help overcome these roadblocks. In this series of blogs, we’ll discuss each of the challenges listed above and see how we can mitigate the risks.
__
Sudhi is a senior software engineer at NextLabs.