Basic HTML Version
Page 8
Page 9
A
re you hesitant about adopting cloud computing
services into your IT infrastructure? You are not
alone. Data security is the leading concern for IT
professionals when it comes to cloud computing.
Services like Amazons EC2 are simply not equipped
to address the security and privacy needs of data-
sensitive organizations. Because public cloud services
offer server instances for many clients on the same
hardware, your data can get literally “lost in the
clouds”when you have very little control over where
your data lives.
Private cloud computing allows for the control that
most PCI and HIPPA-sensitive organizations require
over their data. When it comes to security, the
importance of control over your environment cannot
be overstated, and leads most IT professionals to
adopt private cloud hosting over the public cloud.
When comparing cloud options, here are 5 security
tips to consider:
Tip #1: Know where your data lives.
How can you secure your data if you don’t know
where it is? Sure, firewalls and intrusion detection
and prevention can keep out most intruders, and
data encryption keeps the data safer, but how do
you know where your data goes when you terminate
your service or when the cloud provider goes out
of business? Being able to point to a machine and
say your data and only your data is on that machine,
goes a long way in the security of your data in the
cloud. Dedicated hardware is the key that allows for
cloud computing services to pass the most stringent
security guidelines.
Tip #2: Always backup your data.
One of the most overlooked aspects of cloud
computing and one of the easiest way to increase the
control of your data is to make sure that whatever
happens, you have a secure backup of that data. This
is more about securing your business than your actual
data but provides the same type of peace of mind.
We have seen big companies like T-Mobile lose its
customers data, by not having a backup, leaving them
with nothing.
Tip #3: Make sure your data center takes
security seriously.
By knowing which server and data center your data is
being stored at, you can probe them for all applicable
security measures that are in place. You can see if they
are SSAE 16 or SAS 70 audited, and if they have clients
that are HIPAA or PCI certified. Managed services
can also add a great deal of benefit and expertise to
making your applications, data, and business more
resilient. Services like managed firewalls, antivirus,
and intrusion detection are offered by reputable data
center or cloud providers, and allow for increased
security measures for managed servers.
Tip #4: Get references from other clients.
When in doubt, ask your cloud provider for client
references that require stringent security measures.
Financial, healthcare, insurance, or government
organizations are a good start. While references don’t
guarantee anything, chances are if other companies
that have similar security goals are using the provider,
you may be a good fit as well. Be sure to contact these
references directly when possible to see what these
companies are using the cloud services for, and the
steps they have taken to secure their data.
Tip #5: Test, Test, Test.
Assume nothing. The only way to make sure
something is secure is to test it. It is not uncommon
for highly data-sensitive organizations to hire a
skilled ethical-hacker to test their security provisions.
Vulnerability scanning and assessments are just as
important inside the cloud as they are outside the
cloud. Chances are that if you can find a way to get
unauthorized access to your data, someone else can
as well.
Achieving sufficient security assurances in the cloud
is possible but it is not guaranteed. Just like any other
IT project, you have to do your homework and in the
case of security, it is better to be safe than sorry. The
private cloud hosting model can certainly provide a
more secure framework than the public clouds.
C
learly, enterprise IT has become very “cloudy.”The
term cloud computing has grown from a little-known
buzz-word into one of the hottest topics in IT today.
This surge in interest has led to a great deal of debate
as to what cloud computing is and how to apply it
to the enterprise. However, in the course of these
conversations, one critically important issue seems
to be casually overlooked and underappreciated the
difference between cloud infrastructures and cloud
platforms, and the benefits of each to the enterprise.
Infrastructure-Oriented Clouds
Infrastructure-oriented approaches to cloud,
including Infrastructure-as-a-Service (IaaS) offerings,
seek simply to provide access to virtualized
computing resources in an on-demand manner.
Typical of this approach is Amazon’s EC2, through
which any user can request Linux or Windows
virtual machine instances which are created on the
fly and billed based on actual usage. The user of
cloud infrastructure always knows how many virtual
machines they have and what their individual IP
addresses are and, in the case of Amazon’s EC2, the
“sizes” of each instance. However, clients don’t know
where the machines are geographically or what kind
of hardware is being used. This is what makes the
service cloud-like. Of critical importance is the fact
that the management of the individual instances
is handled at the operating system level and on a
machine-by-machine basis. While this may increase
end-user control it also dramatically increases
operational complexity.
Platform-Oriented Clouds
Platform-oriented approaches to cloud are
distinguished by the higher level of abstraction
they provide as well as the supporting services
they make available to the applications that run on
them. Google’s AppEngine is a good example of
the Platform-as-a-Service (PaaS) approach and the
distinction between infrastructure-and platform-
oriented cloud types. The platform user is solely
concerned about the applications they are running in
the cloud. To migrate an application to the cloud they
simply package it and then deploy it to the cloud.
The deployment happens in a single step and the
end-user doesn’t necessarily even know whether the
application is being run on a single virtual machine
or 10 at any given point in time. In addition, the
application can take advantage of special services
provided by the platform, such as authentication or
data access.
The Business Case for Cloud Platforms
There is little doubt that various forms of cloud
computing will play an increasingly important role
for organizations seeking a competitive advantage.
Enterprises that employ cloud platforms “in either
public or private cloud environment”will benefit from
the increased scalability, security, and portability of
their cloud-based applications, as well as the ability to
manage third party applications. Cloud platforms will
also help them to significantly reduce time-to-market,
realize substantial cost-savings and react more quickly
to changing market conditions. Because of these clear
benefits to IT departments and to an organization’s
business goals, cloud computing is here to stay and
cloud platforms will help unlock the power of cloud
computing for the enterprise.
Cloud Platforms Vs Cloud Infrastructure
Lionel Nowspeed
5 Tips For Cloud
Computing Security
http://ezinearticles.com/?5-Tips-For-Cloud-Computing-Security&id=5573572
Mike T Klein
http://EzineArticles.com/?expert=L_Nowspeed