Cloud security is often discussed issue, as the Cloud encourages multi-tenancy services and multiple user connections. As a consequence, there are data issues, privacy issues, infection issues, access issues, and trust issues to contend with. Each of these issues can spin out information manuals and tomes that will leave the lay user bewildered and frustrated. A lay perspective on how these issues are handled by Cloud service providers is always welcome.
A data issue arises when users are permitted to access data from wherever they are using the Internet as the network and the browser as their application window. The data owner must have clarity on who can access the data, what operations they can perform, and how much of the data can be accessed by the particular entity. This issue spawns other issues such as: should the data in transit and store be encrypted? What kind of encryption protocol should be used? Who should hold the encryption key—the user or the service provider?
Privacy issues are hedged around with a number of legal complications. Compliance to these legal mandates demand implementation of appropriate procedures and processes for data generation and management. Since the servers and storage repositories in the Cloud are owned by third parties, the privacy and security of personal information of customers of the enterprise becomes more complicated. The enterprise must have clarity on who has control over the data and who has access to the data.
Infection of files and folders is another security issue that demands the institution of multi-layered safeguards. Both the vendor and the use must deliberate on the questions of the following kind and come up with meaningful answers. How vulnerable is the Cloud server to infection? Who among the authorized and authenticated users are likely to upload infected files accidently or deliberately? What are the safeguards within the enterprise to prevent such infections? What are the safeguards implemented by the service provider?
Security can be further compromised if the service provider’s software is defective. For instance, the deduplication or compression technology used by the service provider may be defective resulting in loss of data. The user and the service provider must ensure that the software does not in any way compromise the information that is being transmitted to the remote server or recovered from it.
Finally, trust is a business imperative and has to be earned. If the Cloud service fails to gain the trust of the customer, all other security parameters instituted by them will be of no avail.