As cloud computing is becoming increasingly more mainstream, it becomes harder to distinguish between the generic security issues that an IT manager needs to tackle, from those that are specific to cloud computing. Things like roles and responsibilities, secure application development, least privilege and many more apply equally well in traditional environments as they do in the cloud.
So what are the new cloud computing security issues?
- First, there are definitely new threats relating to Cloud Computing Security Issues. There are whole new attack vectors that potentially give the attacker unlimited control over your IT infrastructure. If (as a moderately large enterprise) you have a group of 20 persons who have strong control (“power user”) over your cloud computing account, or over your private cloud authentication framework, then you have a group of 20 people who have full, unmitigated control of your IT infrastructure’s availability and the privacy of your business-critical data. And if one of these people is not careful, an attacker can get hold of the same powers.
- More than that, in a cloud computing (specifically public cloud) environment you also trust your critical data with the cloud provider’s personnel. Most cloud providers are doing a very good job protecting customer data from outsiders. But are they equally diligent protecting the same data from their own technical people?
- Although the cloud computing infrastructure is generally very secure, it is also a very tempting target for the criminal underground. All public clouds have been engineered with cloud computing security as one of the top concerns. As a result, there have only been a small number of reported vulnerabilities. One example is reported here (PDF). Any such vulnerability, reported or not, in your chosen cloud, might put your entire data at risk. In the “old world”, infrastructural vulnerabilities sometimes actually pose a critical risk, but often are hidden behind multiple layers of security devices, both physical security and network/OS security.
Porticor mitigates most of the risk associated with cloud computing security issues. The Porticor Virtual Private Data System encrypts your business data and maintains the encryption keys secure but still under your control. You can rest assured that even if the cloud is somehow breached, your data will remain secure and private.