Cyber Security: A Movement to The Cloud

By Keeva Gilchrist

The process of saving, sharing and accessing data within a company has always been prime focus in the digital age. Over the past decade, cloud computing has come into the forefront by making a bold move away from hard-drive storage. In this way, the cloud allows programs to run through a number of connected servers rather than be stored on any tablet, PC or smartphone. Some of these servers are designed purely for storage whilst others host various applications. This process can run on any number of connected devices and at any time, making it increasingly more convenient in commercial markets. With growing popularity, many major corporations are transferring their infrastructure to the cloud through servers like Dropbox and Office 365. Can the same be stated about their security systems?

In the past, USB devices, CD-R disks and external hard drives served as the only method of file transportation. These out-dated systems are now being replaced by cloud storage due to the many advantages it has for service users. Firstly, folder storage in the cloud allows the recipient access from any internet connection point in the world and grants users with instant sharing ability. Secondly, it is less likely to lose any data due to back-up functions and the absence of a physical storage device. Despite these advantages, creating and storing sensitive data outside of the company network can create a security-based anxiety. The risk appetite – amount of risk that the company is prepared to accept – will directly influence the level at which the cloud is used. In this sense, various pieces of documentation may be considered as too sensitive to outsource and at high risk being stored and shared on the cloud. While numerous servers offer moderately high levels of protection, cloud computing security is constantly evolving and adopting new measures as a sub-domain of information security.

Two further issues associated with cloud computing security involve concerns with the provider and the customer. In order to address these security concerns, the cloud providers must guarantee that their infrastructure is protected and that client data is secure. In addition to this, the customer must ensure that they are confident enough in the provider to make use of their virtual outsourcing services. Without a uniform understanding, the security of the cloud is at risk.

To overcome these concerns with cloud security, methods of encryption act as the major safeguarding mechanism that servers employ to offer data protection within the cloud. Some emerging cloud security companies are using a split-key system to protect client data. This new and ground-breaking security measure offers a double layer of protection for data transferred back and forth from the cloud. Each data object is encrypted with a unique key that is split into two, with one master key stored on premise and a second virtual key created in the cloud domain. Designed against key theft by enabling keys to be used in their encrypted state, the master key is never exposed in the cloud system. The result being that the data is directly controlled by the key holder.

In order for the cloud security mechanism to be affective, the appropriate defence barriers need to be implemented by security management. Cloud Security Alliance – a non-profit organisation dedicated to the implementation of vital cloud security measures – state that there are three major areas that call for concern within the cloud system. These areas consist of: security and privacy, compliance, and legal or contractual issues. In order to achieve a secure and functioning system, security management has to apply a number of controls to safeguard weaknesses and prevent hacking. These controls consist of deterrence, prevention, correction and detection. For successful application, a risk matrix based on asset, vulnerability and threat should be conducted in order to determine the appropriate control type.

For service-users, cloud computing offers low-cost and easy-to-use applications that can be accessed from any number of points. Although there are a lot of positive aspects involved in cloud computing, consumers need to be confident that their personal files are secure. Consumers and businesses alike must understand the opportunities of cloud computing, as well as the risks. In doing so, a uniformed decision can be arrived upon when considering cloud migration.