Never turn your back on the sea
Never turn your back on the sea


Cloud computing and 10 common security questions

Recent studies show that security is the biggest barrier to decide whether cloud computing could still be widely used in the future.

The security issues are still not prevent the explosion of technology as well as the popular cloud computing by solving ability and meet the urgent needs of the business. To ensure the safety of cloud computing, we need to understand its role in the development of technology. A lot of questions exist around the pros and cons when using cloud computing in which the security, usability and management attention is always scrutinized. Security is a topic to be presented with the most user questions and here are the top 10 questions are designed to determine whether the deployment of cloud computing is appropriate or not and if not, you should choose any model accordingly: personal, public, or both.

1. The ability of risk when implementing cloud computing model?

Whether anonymous or public individuals, we still can not fully manage environmental data and including humans. The changes in the pattern may increase or decrease risk. These cloud applications provide clear information, tools, advanced notifications, and integration with existing systems will reduce the risk. However, some applications can not adjust the security state, does not match the system will increase the risk.

2. What should be done to ensure the current security policy compatible with the cloud model?

Each change in the model is a chance for us to improve the status and security policy. Because users will influence and control cloud model, we should not create new security policies. Instead, extend the current policy to be compatible with the platform attached. To hand the security policy change, we need to consider the correlation factors as: the data will be stored where, how protected, who has access, and the need to follow the rules and compromise what.


3. The cloud deployment model can satisfy fiduciary requirements?

Cloud deployment model risks affecting the province and affect the ability to meet the different rules. Some cloud applications have the ability to notice or report strong operational status and is set to meet the applicable requirements separately. While some are too general and can not meet the detailed requirements. For example, when we access the data, a message pops up to indicate that data is stored only within the territory (local server), then we can not be retrieved by the service provider can implement this requirement.

4. Does the service provider use security standards or according to the actual experience (SAML, WSTrust, ISO, etc...)?

The standards have an important role in cloud computing as interoperability between services and prevent monopoly status of security services. Many organizations are established to initiate and expand to support the first steps in implementing the model. List of supporting organizations are listed at:

5. What happens if the violation and handles like?

When security programming model, we also need to plan addressing the offense and data loss. This is an important factor in the range of suppliers and are made by individuals. We must meet the policies and regulations set forth by the vendors to ensure timely support if they crash.

6. Who will be responsible for observing and ensuring the safety of your data?

In fact, the security responsibilities are shared. However, today this role belongs to the data collection system and not the provider. We can negotiate for unlimited liability for the loss of specific data is shared this role with the supplier. But ultimately, we are still responsible.


7. How to make sure that the appropriate data has been transferred into the model?

To know what data has been moved to the cloud, we must understand what the data is and build an appropriate security system based on the data and applications. This process is time-consuming to start and a lot of companies using technology to combat data leakage classification and tracking data.

8. How to make sure the employees, partners and customers are authorized can access the data and applications?

The issue of managing information access and retrieval of data is a security challenge. Technologies such as cross-domain access (federation), secure virtual systems, and prevention plays an important role in cloud computing security. Support cloud by extending and supplementing the environment can help address this challenge.

9. Data and applications are posted how security technologies that practice this work?

Cloud providers will provide this information as well as directly affect the ability to meet the requirements of an organization or individual. Therefore, a clear factor is essential for us before making a decision.

10. What other factors can we trust the supplier?

A lot of factors set out to evaluate the reliability of a supplier such as terms of service, contract forms and procedures SLAs (Service Level Agreements) service contract agreement, privacy policy, elementary operational, strategic, and reputation. However, there is no exact answer to that question.