Cloud computing has soared in popularity in recent times, as more and more companies understand the benefits it brings in terms of increased flexibility, more resilience, better collaboration, reduced costs and more efficiency. However, such advantages notwithstanding, cloud computing comes with its fair share of risks as well.
In the initial days, security was a big risk that inhibited many companies from migrating to the cloud. The cloud, in essence, means storing data in a remote server managed by a third party. The security of the data depends entirely on how the third party secured their servers and the network. The related risks stem from the possible breaches when transmitting the data back and forth such remote servers, and the possibility of being cut-off from the data if the third-party provider shut shop. In shared hosting, there is also the risk of collateral damage for all companies whose data reside on a server, when hackavists or some other attackers hack the servers for data on any particular company in the server.
Cloud providers have beefed up on their security by providing encryption, making available redundant servers, providing stronger interfaces, and more, but these basic issues remain. Considering the fact that even IT companies ranging from Google to Facebook and from NASA to Sony has had their servers hacked in recent times, it is foolhardy to assume that the cloud would be more secure than dedicated hosting.
What is more, cloud providers have no option but to adopt a one-size-fits-all approach to security. Dedicated hosting would allow the enterprise to customize their security architecture, to anticipate the most likely threats and deploy the most effective protection for such threats. Rogue insiders have always been a headache to network security, and with cloud, such risks multiply. The possibility of in-house employees and others with access to the network plotting subterfuge is scary enough, without considering the possibility of the personnel at the cloud providers’ end, over whom the enterprise has no control, doing the same thing.
To make matters worse, the range of threats, far from abating, are only increasing. Of late, there have been several instances of (unethical) corporate warfare having spread over to the cyberspace, with enterprises promoting DDoS and other attacks on their rivals. This can very well spill over to the cloud. The possibilities of rival providers attacking the servers of their competitors to show them in bad light, or even the business being caught up in the cyber warfare of a company with which it shares it’s cloud storage are very real.
Another major area of concern is the increasing propensity of local governments to flex their muscles. With the world caught up in security paranoia, governments are demanding access to data in servers located within their jurisdiction and even beyond their jurisdiction, and IT providers are only too willing to comply. The Patriot Act of USA, which not only allows US law enforcement authorities access to personal data held in the cloud, but also prevents cloud providers from informing customers of the same, is a case in point. Even otherwise, the cloud providers may host their servers at different part of the world, and as such, the data would be subject to different local jurisdictions, and confidential data may end up in the hands of various third parties.
As things stand, far from eliminating the cloud security risks, the risks seems increasing both in depth and breadth.