Information Security

Cloud Computing Security

online cloud security

A common concern about cloud computing is that it is not as secure as a dedicated server. Security remains a common concern. A report prepared by the Tata Consultancy Services (TCS) on the basis of views ascertained from 600 leading executives across the world, shows that only a fifth of the USA and European companies would consider putting mission-critical and customer data on the cloud for fear of data security breaches. This rather conservative approach is in sharp contrast to Latin America and Asia-Pacific area where companies are more aggressive in parking core applications on the cloud. Another interesting finding of the report is that cost-cutting is not the biggest driver of cloud Apps; streaming processes and standardization of software are more important reasons.

The reluctance in the USA is not a surprise as the Privacy Rights Clearing House logged 175 breaches in 2011 involving 13 million records relating to cloud storage. In another finding, a cloud storage provider temporarily ‘allowed’ visitors to log in to any of its 25 million customers’ accounts using hardly any password. After all it was pointed out that cloud provider gives an assurance on security on a best effort basis and that does not amount to a legal obligation enforceable with penalties. The bottom line is there is no such thing as a totally secure cloud!

However, a lot of research is under way to plug possible loopholes. One obvious solution is to isolate customers from one another so that no data are exposed to unauthorized users. Another solution is providing what are known as add-on services. For example, Amazon Virtual Private cloud allows customers to choose virtual machines from different geographical locations linked in encrypted communication. Yet another solution is full automation of the system so that customers themselves can detect and respond to any breach of security without relying on the service provider for trouble-shooting. Finally, e-mail scanning is also suggested to detect and eliminate malicious code embedded in messages. One way out is to limit the access to data to a select few so as to minimize misuse.

Though it is claimed that malicious code cannot be installed in cloud-based system, technical safeguards are being tried. A company in Helsinki uses the cloud itself to protect the cloud. Its global network of servers detects malicious software and distributes protective code in minutes.

A white paper by IBM Academy of Technology has given its findings (2010) from 110 case studies of cloud computing implementation. All major industries except chemical and petroleum industrial products were studied. While there are motivating factors for cloud computing such as IT efficiency and ease of use, the negative factors include security concerns, system complexity, rapid technology advances in cloud capabilities and gaps in standardization.

Cloud-based services are not fool-proof. For example, some cloud-based apps of Google and Facebook went offline on 10 and 11 December 2012 for about 20 minutes and few hours, respectively. Google’s search engine was however not hit. But its Mail, Chat, Google Drive and Chrome browser were down for a while. A software update was blamed. In the case of Facebook, its mobile system was affected, which was attributed to the installation of the revised

Domain Name System.

Cloud-based services are vulnerable to common passwords used for different accounts as well as easy-to-guess passwords. Where there are common passwords, it becomes easy for hackers, as breaking into any one of the connected devices would open the access to all.

The definition of what is personal data is broader in Europe than in the USA. The American legal system permits the sale and transfer of many forms of personal data. American IT firms are urging European law makers to relax the conditions on cross border data transfer. Encryption of data may offer a solution. And one can send e-mail without a phone number and postal address to prevent misuse. However, the widespread use of window-centric computing is likely to longer on for a while, as 90 per cent of PCs today are windows. Moreover, firms are naturally sensitive as the data in the cloud are managed by third parties and banks and insurance companies have to follow stringent regulations on secrecy.

Cloud: The Other Side

For all its attractive features, cloud-computing takes away almost every right you might have on your data. Apple’s co-founder, Steve Wozniak famously said that ‘with the cloud, you don’t own anything. The more we transfer everything onto the cloud, the less we’re going to have control over it’. Richard Stallman went a step further. He called the adoption of cloud-based system worse than stupidity, a marketing hype campaign. What he warned did happen. In 2012, when the US Government shut down the file-sharing site, Megaupload, all information, genuine or otherwise, instantly vanished from the Internet.

There is good news for those who think supercomputing is not affordable to anyone other than government or big companies. Cloud computing has now made it possible even for small companies to tent the supercomputing facility in the cloud by the hour at a reasonable price. In fact, the benefits could be quite considerable (Box 23).

In India, it is planned to set up State data centres, with a view to saving the cost of IT resource of departments, which provide various services to the people. Under the national e-governance plan, 16 State data centres are proposed to be linked up. There is a view that given the reluctance to store sensitive data in the cloud, cloud computing in India would complement traditional desktop software rather that replace it.

Meanwhile, the Government of India has developed the first data centre for public cloud through the National Informatics Centre, which citizens can access for more than 740 services. A national cloud-computing initiative, known as Megh Raj, seeks to set basic standards for cloud-based services for government projects.

Impact On Energy

Cloud computing has long-term implications for power consumption. The compulsion to keep information available 99.999 per cent of the time with ever-ready back-up energy reserves makes heavy demands on the world’s energy sources. Greenpeace, the environmental watchdog, has in a report on cloud computing services offered by 14 global information technology companies says that Apple, Amazon and Microsoft are relying heavily on ‘dirty energy’ to power their clouds.

Apple leads the pack with 55 per cent of its power usage from coal-generated electricity. Facebook, Yahoo! and Google have restored to renewable energy as they expand. Facebook has built its cloud-based storage in Lulea Sweden with a sustainable source of energy, while Yahoo! has similar facility in Lockport, Canada, where besides a hydroelectric source, winds off Lake Ontario cool its reserves, reducing electricity consumption. A reduction in power consumption by data storage centres is necessary to expand cloud computing.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular

To Top