Sign in with
Sign up | Sign in

How Secure Is The Cloud?

How Secure Is The Cloud?
By

IT professionals often perceive the cloud as insecure as or less secure than having their applications and data residing inside their own data centers. But perceptions don't necessarily match reality.

When CA and Ponemon Institute commissioned a study of more than 900 IT professionals back in May 2010, they found that IT practitioners believed security risks were more difficult to curtail in the cloud, including securing the physical location of data assets and restricting privileged user access to sensitive data. The survey found that IT staff admitted they had incomplete knowledge about which of their computing resources are deployed in the cloud, mainly because these decisions are made by end-users outside of any IT review. About half of all respondents acknowledge that many cloud resources are not evaluated for security prior to deployment within their organizations.

Perhaps all the fuss is more about insecure Web applications than the cloud itself. Many of the top Web security exploits like cross-site scripting and SQL injection are things that have been around almost since back when Web servers were invented, and for some reason they still vex many corporate installations. Ironically, a report in May 2010 by Derek Brink of the Aberdeen Group shows that users of cloud-based Web security tools fared better than their on premises equivalents with fewer malware incidents.

Certainly, there are more or less secure cloud environments, just as there are more or less secure local data centers. The Cloud Security Alliance is a non-profit organization formed to promote security assurance among cloud computing vendors. The Alliance promotes best security practices and creates consensus around particular security issues. Founded two years ago by a consortium of vendors and end-user IT managers, it has created several working groups, such as those focusing on data center operations, eDiscovery, and lifecycle management.

The Cloud Security Alliance has both vendors and IT manager representatives organized into a series of working groups to better promote cloud security best practices.The Cloud Security Alliance has both vendors and IT manager representatives organized into a series of working groups to better promote cloud security best practices.

Anyone shopping for cloud services should seek clear and compelling answers to four questions:

  1. How is data encrypted, both in use and at rest, when stored in the cloud infrastructure?
  2. Are fine-grained access controls in place?
  3. How much of the cloud infrastructure is redundant?
  4. How well are Web applications protected? 


We look at each of these in more detail through the following pages.

Ask a Category Expert

Create a new thread in the Reviews comments forum about this subject

Example: Notebook, Android, SSD hard drive

Display all 14 comments.
This thread is closed for comments
  • 1 Hide
    fstrthnu , December 22, 2010 8:34 PM
    Answer: It's safe IF you play your cards right, but almost all of the time you can forget about decent security
  • 2 Hide
    Anonymous , December 23, 2010 7:22 PM
    You haven't really addressed many of the security concerns IT pros have about "the cloud". Who potentially has access to my data, what controls are in place to keep that data safe (ie could a rouge employee rip backup of my DB and take it home)? How are other legal situations handled, such as warrants/requests for data from law enforcement, will the customer be notified, will the vendor simply comply, etc? What happens *IF* the cloud vendor goes out of business one day, where is my data (one would assume there would be warning signs before this happens, but stranger things have happened)? There are tons of questions with not many good answers out there.
  • 0 Hide
    babachoo , December 26, 2010 1:16 AM
    This article has been brought to you by domestic datamining organizations and the people they have in their pockets.
  • 0 Hide
    gonebamboo , December 26, 2010 5:13 PM

    Check out this cloud-based (Software as a Service) platform and its security architecture.

    http://www.otakhi.com
    http://www.otakhi.com/pages/security.html
  • 0 Hide
    ludikraut , December 27, 2010 2:09 AM
    This article barely scratches the surface of security issues surrounding cloud computing. It reads more like an executive summary than something I would expect to see on Tomshardware - very disappointing.
  • 0 Hide
    Anonymous , December 27, 2010 3:03 AM
    Cloud computing is overrated. Your data will never be secure in someone else's hands. Any encryption can be broken with time.
  • 0 Hide
    Anonymous , December 28, 2010 8:24 PM
    I didn't really see any mention of on-site encryption in this article, only transport encryption. Also, who assures us that claims made regarding security are entirely true instead of being marketing word-play which seems so popular these days. Only when a cloud service publishes results done by a third party auditor that I trust will I use them.
  • 0 Hide
    gtaker , January 4, 2011 2:59 PM
    If you are in the external cloud with your company your data will be compromise.. I'm 100% sure of that... we look at this cloud stuff 8 years ago and came to that conclusion if you need to do it, do it inside your company not outside...
  • 0 Hide
    sadams04 , January 10, 2011 12:54 PM
    Security is always a concern, but my main concern with the cloud is around someone else being responsible for up-time / availability. Those priorities rarely line up across multiple companies. While you may recover lost revenue through a breach in service level agreements, you can't recover customer perceptions and experiences in the same way.
  • 0 Hide
    perrakis , July 16, 2012 6:59 PM
    There's an updated version of the Ponemon Cloud Security Study available from the report's sponsor, Dome9: http://www.dome9.com/resources/ponemon-cloud-security-study.

    Incidentally, Dome9 offers free cloud security for an unlimited number of servers. You can check them out at http://www.dome9.com. Essentially, their value prop is the ability to close administrative ports on a remote cloud server and make access available on demand. This is important in the cloud where your servers operate outside your traditional network, and leaving ports open exposes them to hackers, brute force attacks, and exploits.
  • 0 Hide
    Scanlia , September 5, 2012 12:41 PM
    http://www.wcbk.info/2012/05/cloud-price-comparison.html
  • 0 Hide
    Scanlia , September 5, 2012 12:43 PM
    I found a really helpful article on cloud computing prices, and comparing all the different companies.

  • 0 Hide
    ken66_31 , December 6, 2012 7:24 AM
    Cloud computing can be so secure if you work with the right tools: http://www.drive-maxx.com/Pages/Product-information_3. Your data will be encrypted on your computer.
  • 0 Hide
    Xalman Xhan , June 5, 2013 3:47 PM
    There are actually two fears about cloud computing that deal with security – data security and job security. Organizations might get comfortable with data security but their IT side of the house doesn’t feel comfortable with job security. The cloud was supposed to be this evil thing that was going to eliminate jobs for local IT departments, but truth of the matter is that job elimination hasn’t actually happened. IT managers and professionals are working with increasingly restrained resources under impossible deadlines, but that has always been the case.

    http://www.dincloud.com/blog/security-in-the-cloud

    This is another interesting article that discusses Cloud security in detail.