Register

Forgot Password

Site FAQ

Home > IT Answers > Virtualization > How can one keep data secure with cloud compu...

XENOPHON22

2,245 pts.

How can one keep data secure with cloud computing

Cloud computing security, Cloud Computing in 2010, Security, Knowledge Point Challenge

A large company is working on a new project that requires
cloud computing. If they utilize their private network they can reasonably
assume their data to be secure, given that all protocols with remote access are
followed or the private network does not allow remote access.

ASKED: Feb 9, 2010 8:21 PM GMT

UPDATED: December 16, 2011 7:04:22 PM GMT

RELATED QUESTIONS

CloudResearcher

525 pts.

Answer Wiki:

When you store data in a 3rd parties cloud you have to assume that the Cloud provider (Microsoft, Amazon, RackSpace, etc) will keep your data secure. If you need to be sure that your data is secure, then a Cloud platform may not be the correct choice.
-MrDenny
----
It really depends on the application. I was at a cloud computing user group meeting recently and asked around about this same question.

For some uses, attendees suggested, you can just encrypt everything, and use it as a storage-as-a-service. In other cases, more and more vendors are letting customers deep dive into facilities and to see exactly how the data is being secured. It's never absolute, but then again, security never is. Just have to determine the acceptable risk and work from there. The Microsoft, Amazon, RackSpace's of the world likely won't give you this "inner" peak, but often smaller vendors will.
-Michael

Federated Identity Management, Proper Encryption techniques with Key Management for Data, Network Security measures, Virtualization Security and Physical Security are main areas while considering Cloud Computing.

-Mitesh

Last Wiki Answer Submitted: Dec 16, 2011 7:04 PM (GMT) by CloudResearcher

525 pts.

Latest Answer Wiki Contributors: Michael Morisy

6,878 pts., Mrdenny

63,630 pts.

To see other answers submitted to the Answer Wiki View Answer History.

Answer Wiki:

For some uses, attendees suggested, you can just encrypt everything, and use it as a storage-as-a-service. In other cases, more and more vendors are letting customers deep dive into facilities and to see exactly how the data is being secured. It's never absolute, but then again, security never is. Just have to determine the acceptable risk and work from there. The Microsoft, Amazon, RackSpace's of the world likely won't give you this "inner" peak, but often smaller vendors will.
-Michael

Federated Identity Management, Proper Encryption techniques with Key Management for Data, Network Security measures, Virtualization Security and Physical Security are main areas while considering Cloud Computing.

-Mitesh

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Feb 11, 2010 12:46 PM (GMT)

Thank you both for answering. Please do not mind if I play devil’s advocate.

If a company was to encrypt everything, would not the computers performing the cloud computations need to have the encryption key to work with the data? If that was the case then the red data (unencrypted) would be available again with the usage of black data (encrypted) only present in transmission.

On that same note, do either of you (or anyone else for that matter) know if when creating a cloud computing agreement (I am not sure what else to call it) a company can hold the provider accountable for security breaches? I can imagine a situation where when a company seeks a cloud provider, a hardware encryption method is introduced between sites and the cloud provider only works with the information in a filtered facility.

You are correct to say security is not absolute. I can only hope that encryption methods supersede that of people who will eventually have THz processors.

XENOPHON22

2,245 pts.

POSTED: Feb 11, 2010 1:51 PM (GMT)

Security involves confidentiality, integrity and availability. This last principle could be improved with a cloud service, because most providers will have your data available in more than one physical place in case of any incident with one of them.

Also, I would assume most providers will have a dedicated team of security experts, which could not be the case in all companies, but you would have to trust them, and that is not always easy (and recommendable). On the other hand, the provider could want to charge you for additional security services, which are probably not included by default.

In the storage-as-a-service mentioned by Michael, I think the encription keys don’t have to be shared with the provider, because they are not processing the data, just storing it.

Also, cloud providers will be an attractive target for hackers for sure.

So, I agree with MrDenny. If you want to be sure that your data is secure (and you have the necessary resources and budget to do it by your own), then a cloude service may not be the best choice.

Carlosdl

60,255 pts.

POSTED: Feb 26, 2010 4:44 AM (GMT)

[...] course, with cloud computing, one chief concern (just read the ITKE forums) is security. Denny Cherry captured a prevalent feeling when he wrote that, ” If you need to [...]

Former SalesForce CEO: The Cloud is Coming - Enterprise IT Watch Blog

0 pts.

Ask a Question

Browse IT Answers by Topic

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2012, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags