Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Storage

    Security Risks Impact Even Businesses That Stay Out of the Cloud

    By
    Robert J. Mullins
    -
    June 14, 2012
    Share
    Facebook
    Twitter
    Linkedin

      SANTA CLARA, CALIF.€”There€™s a lot that businesses still have to ask their cloud service providers before signing up for service, especially about how secure their cloud environment is, the chief operations officer of the Cloud Security Alliance said at a cloud conference here.

      John Howie explained the security risks associated with cloud computing and the ways businesses can protect themselves and their data at the Cloud Leadership Forum held June 13 and 14. Howie warned that some cloud providers actually turn around and have customer workloads managed by yet another cloud provider. He also warned against using free consumer-grade cloud services for enterprise-grade computing.

      The Cloud Security Alliance is a nonprofit organization that provides free information to its membership of 150 companies and 35,000 individuals on how to choose cloud services€“private, public or hybrid€“wisely and with a focus on data security in the cloud.

      Howie sought to dispel the notion that the IT department or other managers can claim that they don€™t need to worry about cloud security because they don€™t use cloud services. Typically, individual employees subscribe to cloud services on their own. He gave the example of a businessman he met who was on the phone and couldn€™t send an email because the size of the attached file was too large. The man said he would upload it to DropBox, a cloud-based file-sharing service, instead.

      €œYou use DropBox?€ Howie asked the man. €œ€™Well, not officially,€™€ came the reply. €œThat€™s what you€™re finding in your organizations today.€

      There€™s another reason to avoid consumer-oriented cloud file-sharing or storing services such as DropBox, Google Drive or Microsoft SkyDrive, he continued. They are free because they€™re advertising-supported and they index the user data to glean information from it on what ads to deliver.

      €œThey are probably indexing your data, not because they want to know what your data is at a human level,€ Howie explained. €œBut at the machine level, they want to know what advertisements to send to you to increase the click-through.€

      It may be harmless enough for consumers to have their data indexed but an enterprise should not take that risk. There are paid file-sharing services that are better designed for enterprise users and their important security needs.

      A related issue is how businesses can remain compliant with government and industry regulations for the security and privacy of company data in the cloud. Not only are there varying regulations on the state and federal level in the United States, there are myriad regulations globally and, increasingly, both companies and cloud service providers operate globally. What regulations a company has to comply with depends on where the cloud service provider€™s data centers are located as well as where the company€™s data centers are located, Howie said.

      Businesses Need to Read Their Service Level Agreements

      He said in-house legal counsel, not the service provider, needs to determine what regulations a company has to comply with when moving to the cloud. Increasingly, in-house legal counsel hires an outside law firm that specializes in electronic records security and privacy compliance.

      Also, the fundamental security issue that businesses have to understand when contemplating a move to the cloud is that in a public cloud, the customer has no control over security of the computing environment, despite any assurances from the provider that they have firewalls, intrusion prevention systems or anti-malware protections in place.

      But customers can secure their data, said Dan Reis, director of US product marketing at Trend Micro, who also spoke at the conference.

      €œIf you store data in the cloud you don€™t have control over exactly where it is, who else may be on that storage device or the medium on which that data is traveling. That€™s a lot of exposure to your data,€ said Reis.

      Because the public key infrastructure (PKI) method of encrypting and decrypting data is so complex, Trend Micro offers a service called SecureCloud, which does the encryption as a service so that when a company€™s data is in the cloud and there€™s a breach or other problem, the data is protected, he said.

      While adoption of cloud computing is growing, Reis said many companies are still on a learning curve as to what cloud computing is and how safe it is to use it. €œA lot of them hear the term €˜cloud,€™ but there are a lot of different definitions of it €¦ so there€™s a lot of confusion from that standpoint.€

      The CSA€™s Howie says a thorough reading of the cloud provider€™s service level agreement (SLA) is needed to specify how the service is being delivered, including whether the service provider in turn, contracts with yet another service provider.

      €œThe SLA that you get from your cloud provider can only be as good as the SLA from their cloud provider,€ Howie said.

      And despite assurance from cloud providers that they offer security and reliability, incidents still happen. Amazon Web Services (AWS) customers were impacted by an outage at an Amazon data center in northern Virginia in April 2011. AWS advises customers to spread their workloads across multiple Amazon data centers for backup, but those worst affected by the Virginia outrage were the customers who failed to take that advice.

      Another failure occurred in Microsoft€™s Azure cloud service€“the cloud version of Windows Server€“in February. Microsoft said the service outage impacted Windows Azure Compute and dependent services: Access Control Service (ACS), Windows Azure Service Bus, SQL Azure Portal, and Data Sync Services. It did not impact Windows Azure Storage or SQL Azure. Microsoft traced the outage to a software bug, specifically a timing miscalculation related to the Feb. 29 Leap Year day, which only comes around on the calendar once every four years.

      Editor’s Note: This story was updated to correct the number of companies that are members of Cloud Security Alliance.

      Robert J. Mullins
      Robert Mullins is a freelance writer for eWEEK who has covered the technology industry in Silicon Valley for more than a decade. He has written for several tech publications including Network Computing, Information Week, Network World and various TechTarget titles. Mullins also served as a correspondent in the San Francisco Bureau of IDG News Service and, before that, covered technology news for the Silicon Valley/San Jose Business Journal. Back in his home state of Wisconsin, Robert worked as the news director for NPR stations in Milwaukee and LaCrosse in the 1980s.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×