Jonathan Gershater in
Cloud, Cloud-based Security, public cloud, Securing the Cloud, Security
Nov 10th, 2011
Perhaps bubonic plague is uncommon, but influenza and cold germs are easily transmitted in the public domain. What degree of assurance do you have, when you check into your hotel room, that it is safe and sanitized? The hotel employs a cleaning staff and adheres to standards of cleanliness and hygiene to ensure your room is clean. However, door knobs, elevator buttons, etc., handled by the other guests all day, are an avenue of transport for infection. These are some of the risks we take in daily public life; our own immune systems and personal hygiene help to ward off illness and infection.
When you move your applications to the cloud, you want assurance from your cloud provider that your data and applications:
- Won’t get infected with a virus from a co-tenant’s system
- Won’t become an avenue of attack against other systems
- Will not be visible to other customers’ applications and systems
- Will not be visible to the cloud provider’s system administrators
- Will be expunged when you leave the cloud
You also want assurance that your cloud provider will notify you of a data breach and, finally, that your cloud provider adheres to applicable standards such as HIPAA and NIST SAJACC, to name a few.
The onus is also on you to secure your data by:
- Educating your application developers to write secure code
- Avoiding weak or default passwords
- Turning off non-essential and insecure services
- Developing a secure Role-Based Access Control (RBAC) Identity Management system
Personal health and secure cloud computing can be achieved by adhering to safe practices within our own control and trusting our providers to adhere to secure standards and practices.