Cyber Security: A
Movement to The Cloud
By Keeva Gilchrist
The process of saving, sharing and accessing data within a
company has always been prime focus in the digital age. Over the past decade, cloud
computing has come into the forefront by making a bold move away from hard-drive
storage. In this way, the cloud allows programs to run through a number of connected
servers rather than be stored on any tablet, PC or smartphone. Some of these
servers are designed purely for storage whilst others host various
applications. This process can run on any number of connected devices and at
any time, making it increasingly more convenient in commercial markets. With
growing popularity, many major corporations are transferring their
infrastructure to the cloud through servers like Dropbox and Office 365. Can the same be
stated about their security systems?
In the past, USB devices, CD-R disks and external hard drives
served as the only method of file transportation. These out-dated systems are
now being replaced by cloud storage due to the many advantages it has for
service users. Firstly, folder storage in the cloud allows the recipient access
from any internet connection point in the world and grants users with instant
sharing ability. Secondly, it is less likely to lose any data due to back-up
functions and the absence of a physical storage device. Despite these
advantages, creating and storing sensitive data outside of the company network
can create a security-based anxiety. The risk appetite – amount of risk that
the company is prepared to accept – will directly influence the level at which
the cloud is used. In this sense, various pieces of documentation may be considered
as too sensitive to outsource and at high risk being stored and shared on the
cloud. While numerous servers offer moderately high levels of protection, cloud
computing security is constantly evolving and adopting new measures as a sub-domain
of information security.
Two further issues associated with cloud computing security
involve concerns with the provider and the customer. In order to address these
security concerns, the cloud providers must guarantee that their infrastructure
is protected and that client data is secure. In addition to this, the customer
must ensure that they are confident enough in the provider to make use of their
virtual outsourcing services. Without a uniform understanding, the security of
the cloud is at risk.
To overcome these concerns with cloud security, methods of
encryption act as the major safeguarding mechanism that servers employ to offer
data protection within the cloud. Some emerging cloud security companies are
using a split-key system to protect client data. This new and ground-breaking
security measure offers a double layer of protection for data transferred back
and forth from the cloud. Each data object is encrypted with a unique key that
is split into two, with one master key stored on premise and a second virtual
key created in the cloud domain. Designed against key theft by enabling keys to
be used in their encrypted state, the master key is never exposed in the cloud
system. The result being that the data is directly controlled by the key
holder.
In order for the cloud security mechanism to be affective, the
appropriate defence barriers need to be implemented by security management. Cloud
Security Alliance – a non-profit organisation dedicated to the implementation
of vital cloud security measures – state that there are three major areas that
call for concern within the cloud system. These areas consist of: security and
privacy, compliance, and legal or contractual issues. In order to achieve a
secure and functioning system, security management has to apply a number of
controls to safeguard weaknesses and prevent hacking. These controls consist of
deterrence, prevention, correction and detection. For successful application, a
risk matrix based on asset, vulnerability and threat should be conducted in order
to determine the appropriate control type.
For service-users, cloud computing offers low-cost and
easy-to-use applications that can be accessed from any number of points.
Although there are a lot of positive aspects involved in cloud computing,
consumers need to be confident that their personal files are secure. Consumers
and businesses alike must understand the opportunities of cloud computing, as
well as the risks. In doing so, a uniformed decision can be arrived upon when
considering cloud migration.