Failing to incorporate appropriate security protection when using cloud-based solutions could have disastrous consequences such as financial losses, security breaches, loss of sensitive data, failed solutions, hacking threats and loss of business reputation, all of which would automatically lead to loss of business.

When customers move to cloud computing environments or solutions, they must have a clear understanding of the security pros and cons associated with them. However, expectations of the cloud provider must be realistic and grounded in knowledge of the available technologies, tools and techniques. Different service categories such as IaaS, PaaS and SaaS have different security requirements and responsibilities for both the provider and the user. These must be well understood and followed by both.

Despite the evident loss of control by the customer in a cloud environment, especially in the public cloud scenario, the cloud service customer still needs to stay alert and aware and maintain a sense of responsibility in order to tackle all kinds of situations, examine alternatives and ask for better standards of security and privacy.

Contracts between the cloud service provider and customer must have proper provisions and clauses for ensuring security and privacy in daily operation. The agreement must essentially provide legal protection for the privacy of data provided on the servers on the cloud.

The customer of cloud services, however, needs to ensure that the services are integrated with their existing systems in the best manner possible, taking into account the possible security issues.

The following security issues may arise in a cloud environment, and these concerns need to be taken care of:

  • In a public cloud, control over security rests to a great degree with the cloud provider, and agreements must take this factor into account. Since there is some ambiguity in this regard, certain defenses may be left unguarded due to unclear demarcation of responsibility between the provider and the user, and this would vary depending on the service category and the type of cloud model used (public, private or hybrid). Hence, there should be a clear demarcation of responsibility.
  • Strong authentication and authorization protocols, especially in public cloud environments, are key concerns, as identity theft may become a serious issue.
  • A cloud customer's efforts to achieve an industry certification may be lost if the cloud provider is not also compliant with it.
  • Handling of security incidents must be delineated in the notification rules and must be negotiated in the cloud service agreement.
  • Management interfaces and APIs are vulnerable to security threats via the Internet, especially when they are combined with remote access and web browser vulnerabilities.
  • Even with the delegation of infrastructure security to the cloud service provider, customers may need to rethink perimeter security at the network level, by applying security controls at the user, application and data levels if possible.
  • Data protection policies and checks and balances against malicious insiders must be in place.
  • Cloud service unavailability is a key issue and needs to be taken into account.
  • When a customer chooses a cloud solution, the customer is subject to a lock-in period based on paid fee burdens and data migration and portability issues, which may make switching to another solution difficult.
  • When a contract with a service provider is terminated, the customer's data should be deleted, but backup copies of the data may still exist and may be mixed with other customers' data. This mixing may make the copies difficult to locate and thereby erase, creating a serious security risk that is greater in multi-tenancy models than in dedicated hardware models.

The cloud creates new security challenges along with new opportunities. Security risk can be minimized, and security competence in the cloud can be better than that of many standalone organizational systems, with the promise of lower and affordable costs, anytime and anywhere access, and no maintenance or infrastructure hassles worth the name.

It is essential that cloud service providers exceed the security competence of traditional IT service providers in order to achieve their potential, and this is happening as we speak.

We at VersAccounts have created a secure, cloud-based, one-stop comprehensive ERP solution. It addresses key security concerns in the most effective manner possible. It is affordable and targeted towards SMBs and is backed by a promise of dedicated support. It is being used by clients in diverse verticals and could help you redefine the way you operate and grow your business.

We’d love to hear from you.

To know more, please visit www.versaccounts.com or contact us directly.

Reference:

http://www.cloud-council.org/deliverables/CSCC-Security-for-Cloud-Computing-10-Steps-to-Ensure-Success.pdf