Meta: Cloud computing model seems to be increasingly popular. However, recent research shows that the security issue is the biggest factor determining whether cloud computing will be widely used or not.
Security issues still do not prevent the technology boom as well as the popularity of cloud computing because of its ability to solve and meet urgent needs in business. To ensure the security of the cloud, we need to understand its role in technology development. Security is the most frequently asked topic and here are the top 10 questions to ask about this
Potential risks when deploying cloud computing model?
Whether it is personal or public, we cannot completely control the environment, the data and even the people. Changes in patterns can increase or decrease risk. Cloud applications that provide clear information, advanced notification tools, and integration with existing systems reduce risk. However, a few other applications cannot adjust the security status, incompatible with the system will increase risks.
What needs to be done to make sure the current security policy is compatible with the cloud model?
Does the deployment of a cloud model meet the trust requirement?
Implementing a cloud model affects the risk province and affects the ability to meet different rules. Some cloud applications have strong notification and reporting capabilities and are set up to meet specific adaptive requirements; while some are too general and cannot meet the detailed requirements.
Does the service provider use security standards or empirical practice (SAML, WSTrust, ISO, etc.)?
Standards play an important role in cloud computing as an interoperability between services and prevent the monopoly of security services. Many organizations are set up to create and expand to assist in the beginning of the model deployment. The list of support organizations is listed at: Cloud-standards.org.
What will happen if violations and how to handle?
When creating a security program for the model, we also need to plan on dealing with breaches and data loss. This is an important factor in the supplier’s terms and is done by the individual. We are required to meet our supplier’s policies and rules to ensure timely support if something goes wrong.
Who will observe and be responsible for ensuring data security?
In fact, confidentiality responsibilities are shared. Today, however, this role belongs to the data collection system and not the provider. We can negotiate to limit liability for specific data loss by sharing this role with the supplier. But in the end, we are still responsible.
How to make sure that the appropriate data has been transferred to the model?
To know what data has been transferred to the cloud, we must understand what data is and build an appropriate security system based on data and applications. This process is time-consuming to get started, and many companies use data leakage technology to classify and track data.
How to ensure authorized employees, partners and customers can access data and applications?
The issue of managing access and data retrieval is a security challenge. Technologies like cross domain access (federation), secure and redundant virtual systems play an important role in cloud security. Supporting the cloud by expanding and adding environments can help address this challenge.
How are data and applications posted, and what security technology does this work?
Cloud providers will provide this information as well as directly impact the ability to meet the requirements of an organization or individual. Therefore, the element is clearly essential to us before making a decision.
What factors can make us trust the supplier?
Many factors are put in place to evaluate the reliability of a provider such as: service term, form of contract, SLAs (Service Level Agreements) agreement to compromise service contracts, security policies, and sub-contracts, operational history, strategy, and reputation. However, there is still no exact answer to the above question.