Cloud computing: Is it safe and secure?
Everyone's first question about cloud computing is whether running your applications or putting your data in the cloud is secure. So let's start with defining security. One way is to look it up on the Web in The Free Dictionary:1. Freedom from risk or danger; safety.2. Freedom from doubt, anxiety, or fear; confidence.3. Something that gives or assures safety.This definition seems clear and understandable. But when you add cloud to security things become less clear and harder to understand. Why is that? Well, cloud computing is not a thing. Cloud computing is a collection of information services that you can use over the Internet and where you store the data you create using those services.How do you store your data in the cloud without causing anxiety or fear?Most small and medium businesses begin using cloud computing by subscribing to one or more Software-as-a-Service (SaaS) applications. In this environment, the cloud service provider is running applications in a data center cloud and physically securing your data by storing it on fault-tolerant or redundant hardware or by keeping multiple copies of your data stored in different locations.It is likely that this level of physical data safety is better than what most small and medium businesses can provide on their own premises. Cloud service providers can thus assure you of a very high level of physical data security.Data that is physically safe in the cloud is not of much value unless it can be securely accessed in the cloud. Just who can access your cloud services and data must be addressed by the consumer of the cloud computing services, which is you. In addition to requiring user names and passwords, cloud service providers may have other management tools for you to use, but the ball is going to be in your court when it comes to granting and revoking access to your cloud application services and data.Once you are subscribing to more than a couple of applications in the cloud, granting and revoking user access to them is going to require some administration. Passwords are going to be a headache when users need to remember more than a few of them.Password proliferation can be overcome by using a single sign-on (SSO), a way to leverage a username and password combination to access more than one cloud application or service. Am SSO service provider allows you to create users and associate your cloud applications with the users you created.SSO is a better way to manage user passwords in the cloud, but security experts acknowledge that passwords alone do not provide sufficient access security.The answer is to employ "two-factor" authentication. One factor of user authentication is a password, which is something you know. A second factor of authentication is something you have, like a token or key or something that physically identifies you, like a fingerprint or retinal scan. It is widely acknowledged by security experts that having two factors of authentication provides much greater security than passwords alone.You can now see that our original question about cloud security actually has multiple facets. There is the physical safety of your data stored in the cloud, which is the responsibility of the cloud service providers you are using.Between the security that cloud service providers offer and the steps you can take to insure secure access, you can feel confident about using cloud computing. Just remember that security is a two-way street in the cloud, and you need to balance your side of the equation.Tim Wessels, cloud navigator at Oort Cloud Computing, Rindge, has worked with small and medium businesses building and maintaining their IT systems for over 25 years.