A look at how to ensure that your data is protected from prying eyes.
Security continues to top the list of concerns cited by cloud computing users, so you can be sure that cloud service providers also place a high priority on ensuring that your data is neither compromised nor corrupted. Below are some of the key points you should check that your provider has implemented.
The service provider should embed security into the fabric of the infrastructure, test for vulnerabilities and respond quickly to any that may be discovered. They need to operate a rigorous set of operational security controls, including tight control over authentication and high levels of monitoring, logging and reporting.
Responsibilities for network protection and management are shared between the cloud provider and the customer. As a customer, you may not have physical access to the network, but you can implement the logical equivalent within a cloud environment through tools such as guest-operated system firewalls, virtual network gateway configuration and virtual private networks.
The provider runs a multi-tenant datacentre, meaning the network hardware transports data from multiple customers. Network operations for each customer should be logically isolated to ensure complete separation of traffic from different customers. By the same token, virtual networks should also remain detached from each other. The provider should deploy firewalls, anti-malware software and partitioned LANs, offer protection from DDOS attacks and physically separate back-end servers from public-facing interfaces.
Encryption has long been the best way to protect your data's privacy, and you should implement it where you have the power to do so. Data at rest must also be encrypted. Note that encryption will require key management to ensure that data remains accessible over long periods of time, as it is all too easy to mislay keys.
Finally, tight control over authentication is critical, so that only those with the correct privileges have access to sensitive data. Many cloud providers allow you to manage cloud authentication using your company's Active Directory service, making it easy for you to build policy-based identity management into your cloud applications.
Security is a multi-layer, multi-disciplinary issue, impossible to fully encapsulate in a short blog. Nevertheless, concentration on these key issues will help keep your data accessible to your eyes only.