Guest blog post by: Blake Pappas
There are a lot of benefits to cloud computing, such as access to business software via mobile devices, as well as quality data backup. Some IT security experts now say that cloud computing may be more secure than we previously thought. In fact, it could be more secure than traditional computing.
In the past, CIOs have expressed concern about transitioning to cloud-based software because of potential security issues, but as Neil Readshaw, the lead architect for IBM’s cloud security, noted, “security is perceived as an inhibitor of cloud, but it can also be viewed as an enabler.” Readshaw went further, pointing out that it is his responsibility to make the cloud even more secure, and therefore more successful.
So What Kind of Security Solutions are There?
There are a number of security options that are evolving for the cloud. One of the biggest ones focuses on transparency, which allows cloud users to verify that their data is actually set up on its own server. Most of the larger service providers have virtual private cloud services, where customers can choose to host their data on private servers. This is perfect for transparency, as the user can monitor exactly how the CPU cache on their cloud servers is operating, to see if they’re functioning the way they are expected to.
Another security solution that can be used to protect data in the cloud is an intrusion detection system (IDS). Basically, an IDS monitors network traffic for any possible suspicious activity, and then notifies the network administrator, or system, once it has discovered an issue.
Finally, it’s also important to make sure that all of your devices that are connected to cloud-based software have strong, unique passwords, and businesses should further consider implementing encryption on all devices that transmit sensitive data; particularly, when using cloud-based apps that handles sensitive financial or health care data. According to a recent McAfee threat report, 61% of people reuse the same password on multiple websites. Businesses should develop a policy that includes specifications on the length and content of a password in order to reduce the likelihood of hacking.
But, What Kind of Risks Are There?
It’s important to remember that the risks of cloud computing are very similar to ones that a user could experience with traditional computing.
If a SaaS app is being used to access files and back them up (meaning that other copies of the files exist), losing data that has been backed up is less injurious. Depending a company’s preference and size, some of the backup solutions can be tailored to meet requirements related to storage location, frequency, and types of data being backed up. The more locations used to backup data, the better your odds are of preventing data loss.
Also, data breaches and hack attacks are always a possibility—regardless of an application’s cloud orientation—so, corporate decision-makers need to weigh the risks when transmitting sensitive data and take appropriate measures to thwart intrusions. Of course, a traditional server could be subjected to data breaches, too. In these environments, the cloud can be even more secure—in essence, it has two pairs of eyes monitoring data (the application provider and the company who owns the data).
Another thing to keep in mind is that, with the surging BYOD movement, employees are increasingly using their mobile devices in business settings. If someone can access the cloud via their mobile device at work, while still using it for personal reasons, it’s possible that data can be compromised. This isn’t necessarily a flaw centered on cloud computing, inasmuch as it is a potential shortcoming of corporate IT infrastructure. To further thwart potential hacks, endpoint authentication and two-step authentication can be implemented for data transmissions.
Cloud security is developing far faster than most other forms of security, which means that it’s likely that the cloud will become even more secure as time goes on. Indeed, its a topic that has been taken up by both the federal government in its FedRAMP program that seeks to certify cloud-service providers for government use, and by the Cloud Security Alliance (CSA), which has several working groups pouring significant effort into defining SaaS industry standards.
While all of these endeavors are promising for data security in the cloud, they will undoubtedly take some time to mature. In the meantime, whether it’s through the use of private virtual servers, partitioning data, or better transparency and infrastructure, transmitting data via cloud-based software appears to be the future of business. No matter the size of a company, protecting and storing data is incredibly important for all (customers and) employees, ranging from an entry-level programmer to those with extensive tenure and an MS in information security. When considering which data should be stored or shared via the cloud, your questioning should always begin by taking a look at the sensitivity of the data going into the Software-as-a-Service.
About SaaS Markets
SaaS Markets, based in San Mateo, CA, builds and delivers app stores for the global Software-as-a-Service (SaaS) market. Through relationships with major financial institutions, retail brands, technology companies, small business associations and leading brands, SaaS Markets is bringing Software-as-a-Service to millions of small and medium-sized businesses around the world. SaaS Markets’ MarketMaker App Store Platform offers companies a user-friendly portal that makes it easy for them to choose the right cloud-based tools for their business needs. Learn more about SaaS Markets at: www.SaaSMarkets.com, or call 650.458.0748.