Cloud computing - storing data and applications remotely rather than on your own premises - can cut IT costs dramatically and speed up your operations. Technology of Business explores the issue of cloud security. Building your own energy-hungry data centres is expensive and time-consuming, while managing hundreds of software applications chews up IT resources.
If you can outsource a lot of this hardware and software to specialist tech companies that can expand or reduce the level of service according to your needs, it can save you a lot of time and money. More Cloud Computing features from Technology of Business. And being able to plug into a range of ready-made cloud-based services helps you develop new products at a faster pace, potentially giving you a competitive edge.
You're also putting your data next to someone else's. In other words, your data could get lost, wiped, corrupted or stolen. There is also a risk that by outsourcing file and data management to a third party, firms will assume all the security has been taken care of, argues Kamran Ikram, managing director of consultancy Accenture's infrastructure and security practice. The most obvious way is through encryption, both while the data is in transit and while it is "at rest" on the cloud servers, explains Ian Massingham, Amazon Web Services' AWS chief evangelist for Europe, Middle East and Africa.
AWS, by far the biggest public cloud platform provider with more than a million active customers a month, has more than 1, security controls governing its services, says Mr Massingham. Customers can choose to control their own encryption keys if they wish, he says, as well as set the rules for who can and can't access the data or applications.
It says a lot that online retailer Amazon is happy to run its entire business on its own cloud platform. Mark Crosbie, international head of trust and security for Dropbox, the cloud file storage and collaboration company, says the way data is encrypted can also increase the level of security. The key thing to remember here is that every system has inherent vulnerability; the files you keep in cloud storage could be accessed, just like files on a local hard drive, if someone were to obtain the right authorization to access it.
You can protect yourself by securing additional encryption for your cloud services , and making sure to follow best practices when it comes to choosing, changing, and securing your passwords. Data is becoming increasingly important , and that data can take many forms.
It might be an important spreadsheet that keeps track of your company finances, a document that contains your trade secrets, or a CRM platform with details on all your most important clients. In any case, this is vital information, and people have a vested interest in guarding that information however they can. More than just worrying about the possibility of those files being accessed by someone else through a hack or impersonation attempt, people sometimes desire an innate sense of possession and control over those files.
Some people hate the idea of relying on the cloud to access their most important services, since it requires an internet connection. At the cloud provider premises, there are also many physical security measures that the company should have in place, such as CCTV for round-the-clock surveillance and concrete barriers to prevent vehicular access and ramraiding. One of the major lines of defense for any cloud security provider is encryption. The cloud uses complex algorithms in order to conceal data stored on the cloud.
Encrypted data is useless, and functionally impossible to decode, without the encryption key — due to the fact that it would take an amount of time and computing power to do so that it would make the operation pointless.
Data encryption is regarded as one of the most important measures of cybersecurity, as it means that even if your data is able to be taken by criminals, they will not have access to it, and will not be able to use it in any way. Look for cloud services providers who provide local encryption and decryption of your files, as well as offering backup and storage. This means that your data is entirely secure at every step in the process.
Your cloud services provider should also put a number of cloud security controls in place so that data is secure at all times. There are many different types of controls, so you need the provider to give you an understanding of which key measures they use.
Some of the most important include:. No system is perfect, and this is the same for cloud service providers too. However, if you choose a provider with powerful defenses, your business can benefit from the many security advantages of using the cloud to store your data. You can additionally mitigate any risks by putting strong cybersecurity procedures in place in your own system, and ensuring that you have a backup of all data in the event of a worst-case scenario.
Proven to build cloud skills. The evidence for trust judgment on a cloud service provider may include the following sources, as shown in Figure 5 :. All of the above mechanisms are similar to the ones applied to cloud brokers, save that the trustee is a cloud service provider rather than a cloud broker.
Trust based on the service provider: by trust in performance , a user trusts a cloud service with respect to performance, security, and privacy, based on the identity of the provider.
If the user trusts that the provider gives trustworthy cloud services, then the cloud service is trusted. Attributes assessed or certified : A cloud user may examine the attributes of a cloud service regarding performance, security, and privacy, which may be audited by a cloud auditor, or assessed and digitally signed by cloud brokers, or reviewed and digitally signed by some cloud users.
The belief in those attributes is dependent on the trust in the corresponding attribute assessor. Self-assessment and information revealing: A cloud user may study information about the service which is revealed by the service provider through cloud transparency mechanisms.
If the monitoring is conducted by a cloud broker, then the belief in the results of monitoring is dependent on the trust in that broker with respect to objective and professional monitoring. For example, to decide whether to trust a cloud service provider, a cloud user may simply just check whether the provider passed the formal audit of a widely accepted cloud service policy, conducted by a trusted auditor.
In the above figures, the trust relations with various cloud entities, shown in the left part of the figures, are dependent on various sources of evidence, shown in the right part of figures; and the derivation of a source of evidence is dependent on some trust relations either. All those dependence relations form the chains of trust.
Chains of trust relations in clouds. This figure provides an integrated picture to illustrate the chains of trust relations from a cloud user to a cloud service and related cloud entities, where accreditation is omitted for simplicity. Trust is a critical aspect of cloud computing. We examined and categorized existing research and practice of trust mechanisms for cloud computing in five categories— reputation based, SLA verification based, transparency mechanisms self-assessment and information revealing , trust as a service, and formal accreditation, audit, and standards.
Most current work on trust in the cloud focus narrowly on certain aspects of trust; our thesis is that this is insufficient. Trust is a complex social phenomenon, and a systemic view of trust mechanism analysis is necessary. In this paper we take a broad view of trust mechanism analysis in cloud computing and develop a somewhat informal and abstract framework as a route map for analyzing trust in the clouds.
To support this mechanism, we propose a general structure of evidence-based trust judgment, which provides a basis to infer the trust in a cloud entity from the belief in the attributes that entity has, and in which, based on the semantics of trust, we define the attributes to be examined are in a space of two-dimensions — domain of expectancy and source of trust including competency, integrity, and goodwill.
Future research will focus on mathematically formal frameworks for reasoning about trust, including modeling, languages, and algorithms for computing trust.
His research mainly focuses on 1 formal theories of trust, including the formal semantics of trust, measurement of trust, calculus of trust, trust evolution, and trust mechanisms; 2 applications of formal trust models in distributed computing and open networks, such as trust in cloud computing; 3 information assurance, including security policies for cross-domain information sharing, and formal models combining role-based access control, mandatory access control, and attribute-based access control.
David M. Nicol is the Franklin W. His research interests include high-performance computing, simulation modeling and analysis, and security.
Michael B: In clouds shall we trust? Article Google Scholar. Everett C: Cloud computing: A question of trust.
Computer Fraud Security , 6 :5—7. Commun ACM , 55 9 — Khan K, Malluhi Q: Establishing trust in cloud computing. IT Prof , 12 5 — Michael B, Dinolt G: Establishing trust in cloud computing. IANewsletter , 13 2 :4—8. Google Scholar.
Pearson S: Toward accountability in the cloud. Abawajy J: Establishing trust in hybrid cloud computing environments.
In Grids and service-oriented architectures for service level agreements. US: Springer; Berlin Heidelberg: Springer; Blomqvist K: The many faces of trust. Scand J Manage , 13 3 — Acad Manage Rev , 20 3 — Huang J, Nicol D: A formal-semantics-based calculus of trust. Shaoham Y: Temporal logics in ai: Semantical and ontological considerations. Artif Intell , 89— In Dependable, Autonomic and Secure Computing, Cloud Security Alliance Accessed on 16 Oct. CSA: Security guidance for critical areas of focus in cloud computing v3.
Knode R: Digital trust in the cloud. COM CSC RSA EMC: Proof, not promises: Creating the trusted cloud. EMC ISO AICPA International Auditing and Assurance Standards Board. IGTF: Guidelines for auditing grid cas version 1.
IGTF Maurer UM: Modelling a public-key infrastructure. London,: Springer-Verlag; IETF Inf Syst Front , 7 4—5 — Enomaly Inc. Enomaly Inc Accessed on 18 Jan.
Download references. This material is based upon research sponsored by the U. The U. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. You can also search for this author in PubMed Google Scholar.
0コメント