Cloud computing is a technology that allows several users to access IT services provided by one vendor. Due to its numerous economic benefits, it has gained a lot of popularity among many small businesses. Its main advantage is that it facilitates sharing of both hardware and software resources among the users and effectively lowers the cost per user. There have been, however, a number of cloud computing security issues that have cropped up in recent times which could potentially halt the growth of this technology.
Security strengths and weaknesses largely depend on the specific model in use. There are a number of models which are broadly divided into private, public and hybrid models. The private cloud refers to a network that is restricted to a single organization. The public model on the other hand is shared by many different organizations and may include up to millions of users. The hybrid has components from both the public and private models. Due to the restrictions of the private model, it is likely to have less security concerns compared with the other two.
In this technology, the provider is responsible for storing user information on a server located remotely. This ensures that only a few individuals who are employers of the provider. It is these employees, unfortunately, who are a threat to the data in most cases. Users need to enter into a legal agreement with the provider which requires the provider to take all the measures possible to prevent compromise of private data.
Providers have several options available as far as preventing unauthorized user access is concerned. For instance they can employ the use of usernames and corresponding unique passwords. Each user is assigned their own and cannot access information without these details. They may also use authorization formats which give different rights of access to information depending on employee designation in the company. Only the highest ranked individuals are authorized to access the most privileged information.
While it may be possible to keep unauthorized users at bay, there is still a threat posed by elements that are not in the control of the provider. These include, for example, fire outbreaks, power outages, storms and other natural disasters. The user needs to seek assurance that there is an effective data recovery plan in place to guard against such occurrences. They need to know that service provision will not be interrupted in such situations.
When data is being transferred between the network of the user and that of the service provider, it has to traverse the internet. While on transit, there is a possibility that it may be accessed illegally. It is important to ensure that the channel being used is secure. This can be achieved by ensuring that the connection with the provider is via a URL beginning with https. The data must also be encrypted and authenticated by use of the standard protocols.
A feature of all cloud computing models is that there is use of shared resources. This is a great advantage as far as the economic aspects are concerned but is in itself a weakness that may be utilized by attackers. The many different users on the network share server space as well as other resources. Attackers have in the recent past attempted to access information of fellow users due to this fact. This can be prevented by adequate encryption and compartmentalization techniques.
The use of a software interface such as the API (application programming interface) gives rise to other cloud computing security issues users are worried about. This is a program that enables computers to interact with provider software. Weak interfaces make a cloud service vulnerable to attacks and compromise data safety.
Security strengths and weaknesses largely depend on the specific model in use. There are a number of models which are broadly divided into private, public and hybrid models. The private cloud refers to a network that is restricted to a single organization. The public model on the other hand is shared by many different organizations and may include up to millions of users. The hybrid has components from both the public and private models. Due to the restrictions of the private model, it is likely to have less security concerns compared with the other two.
In this technology, the provider is responsible for storing user information on a server located remotely. This ensures that only a few individuals who are employers of the provider. It is these employees, unfortunately, who are a threat to the data in most cases. Users need to enter into a legal agreement with the provider which requires the provider to take all the measures possible to prevent compromise of private data.
Providers have several options available as far as preventing unauthorized user access is concerned. For instance they can employ the use of usernames and corresponding unique passwords. Each user is assigned their own and cannot access information without these details. They may also use authorization formats which give different rights of access to information depending on employee designation in the company. Only the highest ranked individuals are authorized to access the most privileged information.
While it may be possible to keep unauthorized users at bay, there is still a threat posed by elements that are not in the control of the provider. These include, for example, fire outbreaks, power outages, storms and other natural disasters. The user needs to seek assurance that there is an effective data recovery plan in place to guard against such occurrences. They need to know that service provision will not be interrupted in such situations.
When data is being transferred between the network of the user and that of the service provider, it has to traverse the internet. While on transit, there is a possibility that it may be accessed illegally. It is important to ensure that the channel being used is secure. This can be achieved by ensuring that the connection with the provider is via a URL beginning with https. The data must also be encrypted and authenticated by use of the standard protocols.
A feature of all cloud computing models is that there is use of shared resources. This is a great advantage as far as the economic aspects are concerned but is in itself a weakness that may be utilized by attackers. The many different users on the network share server space as well as other resources. Attackers have in the recent past attempted to access information of fellow users due to this fact. This can be prevented by adequate encryption and compartmentalization techniques.
The use of a software interface such as the API (application programming interface) gives rise to other cloud computing security issues users are worried about. This is a program that enables computers to interact with provider software. Weak interfaces make a cloud service vulnerable to attacks and compromise data safety.
About the Author:
Read more about The Cloud Computing Security Issues Of Concern visiting our website.