Blue Skies Thinking for Cloud Security?

As cloud computing moves data and services from local systems to remote centres, the question of security for organisations must be addressed. A research paper published in the International Journal of Services and Standards suggests that a cloud-free security model is the best way forward and will circumvent the fact that cloud service providers are not yet meeting regulations and legal standards.

In the early days of computing, users accessed resources using desktop terminals connected to a mainframe. The personal computer changed all that uniting the input, processing and output devices in a single machine.
Recently, however, the merits of separating the computers on our desks and in our pockets from the processing workhorses has re-emerged especially as broadband and mobile networks have got faster. Today, countless business and individuals access their email and documents on remote web-based systems. Social networking tools, such as MySpace, Facebook, and Twitter maintain data on remote servers accessed through a web browser. Data storage and back up too are often undertaken on remote servers

Yunis has developed a model to assess all the various risks associated with relocating an organisation's data and services to remote computer servers in the clouds. "The model can be applied in assessing the security issues emanating from cloud computing, identifying the security countermeasures needed to address these issues and coordinating the efforts of the various participants to enhance information security in organisations adopting cloud computing," explains Yunis.
She points out that there are six important issues that must be addressed to ensure an organisation or individual's use of cloud computing is not compromised.
The first is "resource sharing. On shared services, there is the possibility that another user on the same system may gain access inadvertently or deliberately to one's data, with potential for identity theft, fraud, or industrial sabotage. Second, because data is held offsite data ownership might be compromised. Third, the intrinsic latency of transferring data back and forth for processing in the cloud means that some users might lower encryption levels to cut send and receive delays, giving rise to additional security concerns. Fourth, the issue of Service Line Agreements (SLAs) may lead to an organisation being refused access to data and services if there are technical, security or commercial disagreements between them and the cloud service provider. Fifth, data might be lost or otherwise compromised because of a technical or other failure on the part of the provider. Finally, negative aspects of interoperability and portability in which failure or attack of a virtual component in the processing and storage may compromise security.

Posted in: Blue Skies,Cloud Security,Science News