With security in the news lately because of the NSA leaks, people are wondering about the security of the data on their personal and work computers, servers and cloud storage platforms. Especially when data is stored off-site, such as on a cloud server, data management and security lose a certain level of transparency. Whether you view the cloud as an emergency backup or use it as your main file storage system, learning more about cloud-based security measures can alleviate some concerns.
Types of Clouds
Not all clouds offer the same measure of security. Public clouds — where many clients share the same cloud platform — offer the user little control over settings or security outside their own server instances. Your data is secure, unless there’s a breach in the cloud host’s security. One boon for public clouds is that, when you need more computing power, you don’t have to pay for new physical machines; all you do is take advantage of the spare computing and storage power available in the resource pool. Further, you can just add more block-level cloud storage, without needing to requisition entire servers.
Private clouds have the same underlying capabilities as public ones, except all of the hardware used for the platform is dedicated solely to one client. Everything is still stored at a remote data center, but you don’t have to worry about other clients’ security practices compromising your data. You control the internal security of the cloud server, perform maintenance and monitor the network for incoming threats, such as DDoS attacks. While private clouds offer more granular control over servers, they come with greater responsibilities and financial costs, and may not be for everyone.
Several common security measures offer a level of protection to public or private clouds. Understanding these measures can help you implement them in your own private cloud or ask the right questions to determine how the public cloud vendor secures your data. These measures include:
- Firewalls: A firewall controls incoming and outgoing data, allowing or blocking traffic based on established rules. If a data packet is valid under those rules, it can pass the firewall. This is a first line of defense against attacks.
- Access control: Access control systems allow you to control resource access on a granular basis through an identifier such as an email address. The system prompts users to enter credentials in order to receive access. This acts as another barrier to entry. With public clouds, it determines who has access to your data.
- Encryption: Ask whether the host encrypts data and backups if you’re using a public cloud; encrypt your data if you’re using a private cloud.
- Data segregation: If storing your data on a public cloud, determine where it’s kept: is it separate from other customers’ data or is all data stored on the same physical servers? In the latter instance, a security breach of their data could leave you vulnerable.
At present, more hacking attacks target locally hosted data than cloud data: 80% of the attacks Verizon experienced in 2012 targeted internally hosted data. Cloud data can be a secure alternative to locally hosted data, so long as the cloud provider is reliable. A third-party security audit can help you evaluate whether a vendor takes security concerns seriously and will safeguard your data.