I would
like to present an article related to cloud security. Please have a look on conclusions from “Cloud
Computing Security Issues and Challenges” by Kuyoro S. O., Ibikunle F. &
Awodele O.
“Cloud
computing is a set of IT services that are provided to a customer over a
network on a leased basis and with the ability to scale up or down their
service requirements. Usually cloud computing services are delivered by a third
party provider who owns the infrastructure.(..). Cloud computing offers an
innovative business model for organizations to adopt IT services without
upfront investment. Despite the potential gains achieved from the cloud
computing, the organizations are slow in accepting it due to security issues
and challenges associated with it. Security is one of the major issues which
hamper the growth of cloud. The idea of handing over important data to another
company is worrisome; such that the consumers need to be vigilant in
understanding the risks of data breaches in this new environment. That article
introduces a detailed analysis of the cloud computing security issues and
challenges focusing on the cloud computing types and the service delivery
types.” It contains detail descriptions of cloud deployments models: Private
cloud, Public cloud, Hybrid cloud and Cloud Computing Service Delivery Models such
as Infrastructure as a Service (IaaS), Platform as a service (PaaS) and Software
as a Service. Author mention the major challenges that prevent Cloud Computing
from being adopted are recognized by organizations: Security, Costing Model, Charging
Model, Service Level Agreement (SLA), What to migrate and Cloud
Interoperability Issue. Article is focused mainly on security issues related to
mentioned models.
Please have
a look on the article conclusion:
“Although
Cloud computing can be seen as a new phenomenon which is set to revolutionise
the way we use the Internet, there is much to be cautious about. There are many
new technologies emerging at a rapid rate, each with technological advancements
and with the potential of making human’s lives easier. However, one must be
very careful to understand the security risks and challenges posed in utilizing
these technologies. Cloud computing is no exception. In this paper key security
considerations and challenges which are currently faced in the Cloud computing
are highlighted.
Cloud computing has the potential to become a frontrunner in
promoting a secure, virtual and economically viable IT solution in the future.”
and let me know what do you think about that?
Is the security
an issue during a process of “putting your data, running your software on someone
else's hard disk using someone else's CPU”?
This is quite nice article and it contains very actual topic. But data security in general do not only concerns cloud computing.
ReplyDeleteI can tell from my work experience that "putting your data, running your software on someone else's hard disk using someone else's CPU” is not only a drawback in cloud computing, because some large companies rents their servers from external companies. So while their equipment is not theirs and usually they rent server space in hosting companies we can say about quite similar situation comparing to cloud solutions.
But getting back to the topic I think that cloud is something wonderful and it makes humans life easier and whole their data is at your fingertips. But you should not place any of your important data in cloud. We have some examples shown by celebrities and their photos in Apple Cloud. :-)
I think that the best solution will be placing your fragile data inside your company on your own machines. It's more expensive, but actually it will gives us a little more security and privacy.
There is also very similar discussion in IoT (Internet of Things) field and if you are intresting in this kind of field you can read book "Abusing the Internet of Things" by Nitesh Dhanjani. This is an excellent technical coverage of security issues with IoT
Please keep in mind that we are living “cost saving” times.
ReplyDeleteTransferring your business management software to a cloud will reduce upfront costs, financial risk, operational expenses and ROI. Question is if we can afford to exchange security for ROI? What do you think about that ?
As the article summary says, the phenomenon of Cloud computing is indeed impressive. Using cloud disk space became very popular solution and more convenient one than owning hard drives. You can access your data from anywhere with Internet access and disk space cost in $ per MB is cheaper. There is of course an issue of security and privacy, but so far the companies providing this kind of service are doing everything they can, to ensure their encryption technologies stay ahead of hackers. They have to – otherwise they would lose the entire business; in this case trust is everything.
ReplyDeleteI don't know much about cloud computing. Actually this article gave me a lot of informations I had no idea about (and it seems to be very interesting subject).
ReplyDeleteHaving a cloud infrastructure may be very convenient for a company, especially for the one that cannot spend a lot of money on an IT infrastructure.
There is quite a big variety of models and services to choose, but as it was mentioned in the article the most important issue that stops companies from switching to cloud computing is security.
It is not surprising. Nowadays, information can be a big value, and loss (or even leakage) of it may cause losses for the company.
I think it should be well thought out which company data could be placed in a cloud and which should be secured more.
"Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software". in my opinion it's not equal "you don’t have to pay for this."
ReplyDeleteWhen I started to read I had a feeling like Cloud computing is the best thing that could happen to us.
It gives us opportunity to save money, it can provide better performance and there are so many other benefits. In many cases this probably can be true. For sure when you start it can be much easier to choose IT architecture that best fits your business. But many organizations may need architecture change that takes long time before start using the cloud. This changes can give rise to additional risks which they have to cope with. In many cases it is not so cheap.
In my opinion for sure we need to ask ourselves about something more than just the future profits.
For example we should think whether it really so secure to have only one supplier?
Are we prepared and do we really need this change to achieve our business goals?
and many more...
One more conclusion... Every day we observe changes in policy of Software Licensing for Virtual Environments introduced by software companies. You can easily guess who is making the most of it. I recommend you see this picture, its says everything in my opinion and it is really funny :)
http://houseofbrick.com/the-oracle-parking-garage/
When it comes to safety, in my opinion the answer is relatively simple. World is changing and in order to be matter in such world on such a competing market we need to use new technologies. So a lot of us at the end of the day probably will use cloud. We can't eliminate all risks and we need to prepare for new risks if we really want to make progress. For example to faster respond to changing business needs. In my opinion this is because this cloud computing has the potential to become a frontrunner in promoting the security. This will be necessary I think.
This comment has been removed by the author.
ReplyDeleteIn some companies, saving money is more important than taking care about the risk of lack of the security. That way of thinking is unfortunately quite popular especially in small businesses area where high qualified security specialist are too expensive to become involved in any project. For small projects, cloud seems to be best solution for all performance and resource problems. On the other hand, some level of security has to be ensured in agreement with cloud provider, what probably satisfies people responsible for decision about implementing cloud in such firms.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteAnswer for this question should be "It depends on the situation and our needs". Internet is overfilled by articles about advantages and disadvantages for each solution. That is why we have to focus on our needs. Keep our mind open. Cloud computing is a huge step in IT technology, but we can rent a space on a hosting companies, or rent their CPUs for our calculations in standard way without modern "cloud" (is it better? good question).
ReplyDeleteThe best way will be storing confidential data in a paper version in a place which will be safe (fire, flood and burglary resistant) - but access to this data will be uncomfortable and storing expensive. What with our personel? Can we trust them? Cloud computing is a great solution for team work, tasks sharing but it is not for storing confidential data?
First of all let's focus on that what are we doing to secure our data in a company? Do we have a team that is analyzing its data cohesion, access logs? The weakness point of each solution in most of cases is human and his errors. As Tomasz wrote we know about photos leak from apple cloud. If I good remember problem was in iCloud API which was allowing for unlimited passwords input. It is great if we are able to make an audit of a company which will store our data, and if they give us quarantee of data security (access, backups) in the contract but it is raising cost of data storing for sure.
This 2 points are raising service cost.
There are 2 ways or you will spend money for hardware and team that takes care about data inside company, or rent hardware from external company.
>> Cloud computing has the potential to become a frontrunner in promoting a secure, virtual and economically viable IT solution in the future.” and let me know what do you think about that?
ReplyDeleteIs the security an issue during a process of “putting your data, running your software on someone else's hard disk using someone else's CPU”?<<
The one and only problem with Cloud Computing is how costly is to build Cloud infrastructure. In effect only big companies are able to do it (we're talking real infrastructure here, not just a bunch of servers in one location). And these large companies are very hungry for data. For our data. They will actively profile every single user, just to know what are his/her interests. And then they will use these data to sell targeted spam (should I say "ads"?).
Basically, if you put anything to the Cloud, say goodbye to your privacy.
Security? It's more complex; on one hand you want to have your data available every time an everywhere you need them (and Cloud helps you achieving this). On the other, it would be desirable to grant an access to your data only to people you chosen. The latter, is a mirage I am afraid.
Your question is very tricky. Lets look from the financial point of view. In most cases cloud computing allows us to save a lot of money. If the amount is big enough, often we forget about other aspects, like for example security. In many cases cost is the only argument for using cloud computing also security is often not important. But what if cost of losing your information or cost of getting data by third party person is much bigger then potential profit ? Than you need to think about the security.
ReplyDeleteI think that there is no simple answer on your question. It depends a lot on the situation and kind of data you want to share with the provider of the cloud
I am agree with Dawid Pacholczyk, because when company must save money , they choose cloud computing and don't think about security.
ReplyDeleteIn my opinion when company want to be save , their very important things must do in their resources. But things less important their can do in cloud computing . This reduce the risk.
I also agree that it depends on the situation and kind of data you want to keep in the Cloud. I think those services are never totally safe and there is always a tiny threat of you data being accessed or stolen. So you should definitely take security into account (not just the savings) while making the decision.
ReplyDeleteIn my humble opinion, the current adoption of cloud computing is associated with numerous challenges because users are still skeptical about its authenticity. The cloud acts as a big black box, nothing inside the cloud is visible to the clients and Clients have no idea or control over what happens inside a cloud Even if the cloud provider is honest, it can have malicious system admins who can tamper with the VMs and violate confidentiality and integrity Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy issues, plus some additional attacks
ReplyDeleteI used to work for a major company in a heavily regulated and highly competitive industry (pharmaceuticals). They took security very seriously since any breach could make them lose big bucks. I was all the more surprised to see them move to the Google cloud with pretty much everything from email to instant messaging to document repositories to application servers (okay, just the least critical ones).
ReplyDeleteI realize any network can be hacked into and any data can be stolen but isn't trusting an external company with your most confidential data a security threat? It's all well and good that we have all those SLAs, confidentiality agreements etc. but can you really trust a company in another jurisdiction? How do you know they don't collect all your data (they probably do) and they don't use it against you in the future?
Nothing is safe in the public network. As long as your data are not too sensitive I don't see much problem with having them stored on other computers (which you don't own) since it saves you resources which otherwise you should pay for (hosting your own server) but everyone has to decide for himself and should be aware of the fact that he no longer is in full control of that data and it can be retrieved by unauthorized people. A good example of such risk is the "2014 celebrity photo hack" which leaked private images of famous people that they stored on Apple's cloud service iCloud. Everyone should ask themselves, is it worth the risk to put my data on such a service? The answer of course depends.
ReplyDeleteI totally agree with my colegaues, nothing is safe in public network, but it's cheap. For example, you had opportunity to store unlimited amount of data on onedrive storage(not anymore). People were storing terabytes of data. I'm using cloud storage, mostly for my photos, they aren't confidential so why not. I'm not paying for it even a single dime. It's good for backup. If you want redundancy store it in two or three different providers.
ReplyDeleteSecurity is always lowered in cloud, because we are lazy. We need app clients to use it on our smartphones to mount it in our OS's and so on. Every single app can lower our security. That's why ProtonMail doesn't have any external clients. Amazon and Microsoft signed an agreement with USA governement about sending our data. If you put any file into cloud storage it's not yours anymore, it's shared data and it's for sure analyzed by NSA.
Still, is it worth the risk to put my data in the cloud storage? Yes, if they are completly safe and can't harm you in any way. For sure, I won't store any confidentional data on cloud.
It seems that it may be a good idea to identify confidental data to keep and process them in the company. The rest may be transferred to the cloud. Every company should calculate the risk connected with using cloud computing. I am not very familiar with this topic but it seems that cloud computing is a great solution for small-medium enterprises. It helps keeping the costs minimal and delegates the issues connected with maintenance of the servers for example. While outsourcing such jobs we get good quality at minimal cost.
ReplyDeleteHowever, the cost and time of moving from cloud to traditional approach is quite big so the vendors of cloud services have better negotiating position during the process of using the service which it may lead to abuses.
In my opinion Cloud computing is the most interesting and innovative technology but not for everyone. The Main reason why cloud is not for everyone is the security problems. I work with the government institution and for us the security issue is the most important .The Government institutions can never use cloud because they don't know what happens with their date. Some people say that encryption is the best way to secure our data which can be next stored in cloud . But in my opinion encryption is nether complete nor certain method to save the most important information. If we can encrypt something, somebody will decrypt it. I think cloud is a fantastic technology for private users and civilian companies but not for the government.
ReplyDeleteI'd like to disagree with the latest statement. On the contrary, I'd like to see more and more cloud solutions used by our public services. I'd rather see there lots of obstacles with implementing these cloud technologies, because lack of knowledge and lack of idea how beneficial it would be. The agencies could deploy their own clouds to master the data, but that would require much more thinking and expertise behind and would bring transparency (eventually!) in or more efficiency.. but that would kill bunch of jobs.. and as we know government agencies are the last ones to cut jobs. But this is a topic for a separate discussion.
DeleteThis comment has been removed by the author.
DeleteUsing public cloud can be an issue for the government, but in such cases can adopt other cloud computing model like private cloud or even consider a hybrid cloud. What's happening indeed.
DeleteI think that there are a lot of practices that jeopardize security much more that using cloud computing. During some of my consulting gigs I saw pendrives with sensitive data left on table and at the same time we were discussing security policy ;-) Cloud computing is the next paradigm shift in the industry as many before. It will become more and more secure and from my point of view there are generally more pros than cons of using cloud computing.
ReplyDeleteCloud computing is the only way to commercial use machine learning technology. Off course there are company that prefer to develop for own hardware. But that solution have many disadvantages. The price is the biggest one. If company would like to train DNN with its own GPU cards it usually takes month to obtain result. In cloud computing it only takes few days. It's obvious that the way to parallel training is really complicated and takes a lot of time. Cloud computing is the future and there is no doubt about it. Unfortunately that solution entail security problems. Company invest time and money to store in cloud confidential information. If security fails all information and all know-how could be stolen and used against the company. That's why a lot of work has to be made to make cloud computing more safe.
ReplyDeleteI personally use services like DigitalOcean, Parse and OpenShift both for personal and commercial use. The most compelling argument for me to use those services is that you can pay as you go:-)
ReplyDeleteIn the past if you wanted to create a website, you had to buy an expensive server, configure everything, handle load balancing etc. Essentially you had to either hire or become a system administrator.
Right now this is fortunately all in the past. Creating a service is just a click away and you don't pay until you pass threshold of traffic on your website. If your application need additional resources they are automatically provided by the system and you are charged just for the resources you use.
Cloud computing…hmmmm, that is something to Wonder about security and costs. Two things and many themes to discuss. In my way (I’m system administrator) in no large company – that is something to reduce cost of using service like mail. Yes I know that OS X Server has got mail service and it is no cost to any company but for example Exchange online like Office 365 has got many thinks to administrate and checking problems with that solutions. If you use mail service at OS X Server you know that it is simple to configuration and use. You know that it is security, but only if you use registered certificate in Apple.
ReplyDeleteI would like to present very conclusion service – office 365 – only Microsoft has got appropriate from european GIODO. Only Microsoft has security politics that we can use in European countries.
There is one more benefit – we don’t have to buy server to launch service and we don’t have to wondering about potential problems. We must only be a good admin.
Do you agree with me?