The first answer to this question is another question: do you want to provide your service over the Internet? In the earlier discussion, Why Choose Cloud Computing?, I covered the major reasons that make cloud solutions attractive. If there are compelling reasons to pursue those benefits, then the following conversation makes sense. If not, you can stop here and find something else to read.
If your service must be reachable over the Internet, hosting it in the cloud becomes the natural choice. You then need to decide what level of security you want to provide for your cloud service and how much you are willing to invest in it. To help frame that decision, I divide cloud security into several levels.
Level 1: Protecting the Data.
Because the service is published online and its data travels over the Internet, the first thing you need is to safeguard the data. The following are several important considerations:
- Data Encryption: Encrypt the data in motion (TLS between the client and the service) and at rest (on disk and in backups), so that anyone who intercepts the traffic or copies the storage gets only ciphertext. Encryption protects confidentiality; deciding who may hold the keys, and therefore decrypt, is still an access-control decision (see Level 2).
- Hiding the Data Traffic: You may also want to prevent observers on the path from learning where requests come from and where they go. Technologies such as SSH tunneling with a SOCKS5 proxy and Virtual Private Networks (VPN) do this by wrapping traffic in an encrypted tunnel. Keep in mind that the tunnel endpoint (the SSH or VPN server) still sees the real source and destination, so you are moving trust to that endpoint rather than eliminating it.
- Data Integrity: You want assurance that the data you receive is the same data that was sent. A message authentication code (MAC), or a digital signature when the receiver must also verify who sent the data, lets the recipient detect any modification in transit or in storage. TLS already authenticates data in motion, so MACs and signatures matter most for data at rest and for data that passes through intermediaries.
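As an added illustration of the encryption-plus-integrity point (this is example code written for this page, not the author's code or any cloud provider's library), the Go program below stores a record encrypted with AES-256-GCM, whose authentication tag catches any modification of the ciphertext, and signs the nonce and ciphertext with an Ed25519 key so the reader can also check who wrote the record. The data key, the signing key pair and the record content are generated inside the program purely for demonstration; in a real service the data key would come from a KMS or HSM and the signing key would belong to the writing service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is what gets stored: the GCM nonce, the ciphertext (which already
// carries GCM's authentication tag) and an Ed25519 signature over both.
type Record struct {
	Nonce      []byte
	Ciphertext []byte
	Signature  []byte
}

// sealRecord encrypts plaintext under key with AES-256-GCM and signs
// nonce||ciphertext with the writer's Ed25519 private key. aad is bound to the
// ciphertext but stored in the clear (e.g. the record ID), so a ciphertext
// cannot be moved to a different record without detection.
// GCM nonces are 96-bit random values: keep well under 2^32 records per key.
func sealRecord(key []byte, signer ed25519.PrivateKey, aad, plaintext []byte) (Record, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return Record{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, aad)
	signed := append(append([]byte{}, nonce...), ct...)
	return Record{Nonce: nonce, Ciphertext: ct, Signature: ed25519.Sign(signer, signed)}, nil
}

// openRecord verifies the signature first (it tells us who wrote the record),
// then decrypts; GCM's tag check catches any bit flip or a swapped AAD.
func openRecord(key []byte, verifier ed25519.PublicKey, aad []byte, r Record) ([]byte, error) {
	signed := append(append([]byte{}, r.Nonce...), r.Ciphertext...)
	if !ed25519.Verify(verifier, signed, r.Signature) {
		return nil, errors.New("signature does not verify: not written by the expected key, or altered")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, r.Nonce, r.Ciphertext, aad)
	if err != nil {
		return nil, fmt.Errorf("decryption failed (tampered ciphertext, wrong key or wrong AAD): %w", err)
	}
	return pt, nil
}

func main() {
	key := make([]byte, 32) // demo only: a real data key comes from a KMS/HSM
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // demo writer identity
	if err != nil {
		panic(err)
	}
	aad := []byte("record-42") // assumed record identifier, stored in the clear
	rec, err := sealRecord(key, priv, aad, []byte("constructed sample: account balance 1200"))
	if err != nil {
		panic(err)
	}
	pt, err := openRecord(key, pub, aad, rec)
	fmt.Printf("round trip: %q err=%v\n", pt, err)
	rec.Ciphertext[0] ^= 0x01 // simulate one byte corrupted on disk
	_, err = openRecord(key, pub, aad, rec)
	fmt.Println("after tampering:", err)
}
```

Verifying the signature before decrypting means an attacker who can write to the storage but does not hold the signing key is rejected before any ciphertext is processed; the GCM tag then covers corruption or a record moved under a different identifier.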
Level 2: Restricting Access.
At this level, you identify and decide who on the Internet can reach your service and what they may access.
- Access Filtering: Identify all the points from which the service can be reached and allow only particular IP ranges or enrolled devices to use it. Many Identity Management tools and Mobile Device Management (MDM) products [1] offer this capability. When the filter keys on the client's IP address, be careful where that address comes from: headers such as X-Forwarded-For are attacker-controlled unless they were set by a proxy you operate.
- Isolation in Public Hosting: On shared public cloud hosting, you want to separate your compute resources from those of other tenants. Virtual Private Cloud (VPC) networking and dedicated (single-tenant) compute are the options that are available.
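The following Go example, added here and not part of the original article, shows an IP allowlist for a service that sits behind a load balancer. The trusted proxy range (10.0.0.0/8), the allowed partner ranges (198.51.100.0/24 and 2001:db8::/32) and the sample requests are all assumptions made for the example. It goes slightly beyond the text by handling the X-Forwarded-For header correctly: the header is only believed when the TCP peer is one of our own proxies, and the rightmost address that is not a proxy is taken as the client, so a client cannot spoof its way onto the allowlist by sending its own header.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"strings"
)

// clientIP returns the address a request should be filtered on. remoteAddr is
// the TCP peer (host:port) as seen by the service; xff is the X-Forwarded-For
// header. The header is consulted only when the peer is one of our trusted
// proxies; any other peer could have written whatever it liked into it.
func clientIP(remoteAddr, xff string, trustedProxies []netip.Prefix) (netip.Addr, error) {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // no port present
	}
	peer, err := netip.ParseAddr(host)
	if err != nil {
		return netip.Addr{}, fmt.Errorf("bad remote address %q: %w", remoteAddr, err)
	}
	peer = peer.Unmap() // treat ::ffff:a.b.c.d as a.b.c.d so IPv4 prefixes match
	if !matchesAny(peer, trustedProxies) || xff == "" {
		return peer, nil
	}
	// X-Forwarded-For is "client, proxy1, proxy2, ...": each proxy appends the
	// peer it saw. Walk from the right, skipping our own proxies; the first
	// address that is not ours is the real client.
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		a, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			return netip.Addr{}, errors.New("malformed X-Forwarded-For header")
		}
		if a = a.Unmap(); !matchesAny(a, trustedProxies) {
			return a, nil
		}
	}
	// Every hop was one of our proxies: fail closed rather than guess.
	return netip.Addr{}, errors.New("no client address outside the trusted proxy ranges")
}

func matchesAny(a netip.Addr, prefixes []netip.Prefix) bool {
	for _, p := range prefixes {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

func mustPrefixes(cidrs ...string) []netip.Prefix {
	out := make([]netip.Prefix, 0, len(cidrs))
	for _, c := range cidrs {
		out = append(out, netip.MustParsePrefix(c))
	}
	return out
}

// allowlistMiddleware rejects with 403 anything whose client address is not
// inside allowed, including requests whose address cannot be determined.
func allowlistMiddleware(allowed, trustedProxies []netip.Prefix, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ip, err := clientIP(r.RemoteAddr, r.Header.Get("X-Forwarded-For"), trustedProxies)
		if err != nil || !matchesAny(ip, allowed) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	trusted := mustPrefixes("10.0.0.0/8")                        // assumption: our load balancers
	allowed := mustPrefixes("198.51.100.0/24", "2001:db8::/32") // assumption: partner offices
	cases := []struct{ remote, xff string }{
		{"203.0.113.5:51000", "198.51.100.9"},              // direct peer: header ignored, denied
		{"10.1.2.3:443", "198.51.100.9"},                   // via our proxy: allowed
		{"10.1.2.3:443", "198.51.100.9, 203.0.113.77"},     // spoofed header: real client is 203.0.113.77
		{"10.1.2.3:443", "10.5.5.5"},                       // only proxies in the chain: fail closed
	}
	for _, c := range cases {
		ip, err := clientIP(c.remote, c.xff, trusted)
		fmt.Printf("remote=%s xff=%q -> client=%v allowed=%v err=%v\n",
			c.remote, c.xff, ip, err == nil && matchesAny(ip, allowed), err)
	}
	// Wire it as: http.Handle("/", allowlistMiddleware(allowed, trusted, yourHandler))
}
```

The same structure applies to device-based filtering: the middleware would check a device certificate or an MDM-issued token instead of a prefix list, but the rule of only trusting attributes that your own infrastructure attached to the request is unchanged.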
Level 3: Cleaning Up Your Endpoints.
This is the hardest and most vulnerable part because of the Internet exposure. Your users are not security experts. They may be unaware of malware (malicious applications) running on their computers or mobile phones, or of network connections on those devices that are open to others. Your service therefore needs to help them detect malware [2], identify suspicious activity and alert them to anything that is threatening.
Level 4: Auditing the Service.
Another level of protection is detailed auditing of who accessed what data and when. Comprehensive reporting and analysis of service usage is itself a form of security protection: it lets you discover issues and respond to threats quickly. For the audit trail to be worth anything it must be append-only and kept apart from the service it records, so that a compromised service or a rogue administrator cannot rewrite its own history.
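As an added example (written for this page; it is not the author's code), the Go program below writes audit events as JSON lines recording who did what to which resource, when and from where, reads them back, and runs one simple analysis over them: flagging any actor who successfully reads more than a threshold of distinct resources within a short window, a common sign of scraping or of a stolen credential being used to dump records. The event schema, the field names, the threshold and the sample log lines are all constructed for the example.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"sort"
	"strings"
	"time"
)

// AuditEvent is one line of the audit trail: who, what, which resource, when,
// from where, and whether the access succeeded. Field names are assumptions.
type AuditEvent struct {
	Time     time.Time `json:"time"`
	Actor    string    `json:"actor"`
	Action   string    `json:"action"`
	Resource string    `json:"resource"`
	SourceIP string    `json:"source_ip"`
	Outcome  string    `json:"outcome"`
}

// writeEvent appends one JSON line; the writer should be an append-only sink
// (a log shipper or object store with retention lock), not the service's own DB.
func writeEvent(w io.Writer, e AuditEvent) error {
	return json.NewEncoder(w).Encode(e)
}

// readLog parses a JSON-lines audit trail, refusing malformed lines rather
// than silently dropping them (a gap in an audit log is itself a finding).
func readLog(r io.Reader) ([]AuditEvent, error) {
	var out []AuditEvent
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var e AuditEvent
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			return nil, fmt.Errorf("malformed audit line %q: %w", line, err)
		}
		out = append(out, e)
	}
	return out, sc.Err()
}

// bulkReaders returns actors who successfully read more than threshold distinct
// resources inside any interval of length window, with the peak count.
// The per-actor scan is quadratic, which is fine for a batch over one day's log.
func bulkReaders(events []AuditEvent, window time.Duration, threshold int) map[string]int {
	byActor := map[string][]AuditEvent{}
	for _, e := range events {
		if e.Action == "read" && e.Outcome == "success" {
			byActor[e.Actor] = append(byActor[e.Actor], e)
		}
	}
	flagged := map[string]int{}
	for actor, evs := range byActor {
		sort.Slice(evs, func(i, j int) bool { return evs[i].Time.Before(evs[j].Time) })
		peak := 0
		for i := range evs {
			distinct := map[string]bool{}
			for j := i; j < len(evs) && evs[j].Time.Sub(evs[i].Time) <= window; j++ {
				distinct[evs[j].Resource] = true
			}
			if len(distinct) > peak {
				peak = len(distinct)
			}
		}
		if peak > threshold {
			flagged[actor] = peak
		}
	}
	return flagged
}

// Constructed sample audit trail (not real data): alice reads four records in
// a few seconds, bob reads one record twice, carol is denied.
const sampleLog = `
{"time":"2024-05-01T10:00:00Z","actor":"alice","action":"read","resource":"invoice/101","source_ip":"198.51.100.7","outcome":"success"}
{"time":"2024-05-01T10:00:02Z","actor":"alice","action":"read","resource":"invoice/102","source_ip":"198.51.100.7","outcome":"success"}
{"time":"2024-05-01T10:00:03Z","actor":"alice","action":"read","resource":"invoice/103","source_ip":"198.51.100.7","outcome":"success"}
{"time":"2024-05-01T10:00:05Z","actor":"alice","action":"read","resource":"invoice/104","source_ip":"198.51.100.7","outcome":"success"}
{"time":"2024-05-01T10:01:00Z","actor":"bob","action":"read","resource":"invoice/200","source_ip":"203.0.113.9","outcome":"success"}
{"time":"2024-05-01T10:02:00Z","actor":"bob","action":"read","resource":"invoice/200","source_ip":"203.0.113.9","outcome":"success"}
{"time":"2024-05-01T10:03:00Z","actor":"carol","action":"read","resource":"invoice/101","source_ip":"192.0.2.4","outcome":"denied"}
`

func main() {
	events, err := readLog(strings.NewReader(sampleLog))
	if err != nil {
		panic(err)
	}
	for actor, n := range bulkReaders(events, time.Minute, 3) {
		fmt.Printf("ALERT: %s read %d distinct resources within one minute\n", actor, n)
	}
}
```

The analysis only works if the events carry enough context to answer "who, what, when, from where"; an audit line that says "record updated" without an actor or a source address cannot support any of these questions later.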
Because of the Internet exposure, it is natural to have concerns about cloud security in the first place. However, security is not a new topic for IT services. Evaluate the gains, impacts and challenges, and then choose a cloud platform that meets your needs.
- [1] Mobile Security: The 5 Questions Modern Organizations Are Asking
- [2] Safaa Salam Hatem, Maged H. Wafy and Mahmoud M. El-Khouly, "Malware Detection in Cloud Computing", International Journal of Advanced Computer Science and Applications, 2014