Home : IAAS : Analysis & Insight

Is cloud computing secure?

In the latest of our cloud computing exploration features, we look at the issue of security.

By Simon Bisson, 1 Nov 2010 at 08:00

With more and more data and applications heading to the cloud, leaving the familiar data centre for the fresh field of hosted online data centres, it's time to think hard about security issues.

Can hosted, multi-tenant services ever be as secure as your own server?

This isn't a new problem. Far from it. It's actually one the industry keeps coming back to. First it was data processed by time-sharing systems at a data processing bureau, and then it was outsourcing, and most recently off-shoring. Data leaks and breaches in the news focus attention from legislators, and regulations are put in place to try and manage things – but regulations are never enough. It's what you do that protects your data.

There are three basic models for cloud services, and how you treat security is going to differ as a result of the cloud services you choose:

• Infrastructure as a Service (IaaS): a service like that provided by Amazon Web Service, where they provide an infrastructure, leaving you to deploy your own virtual servers.
• Platform as a Service (PaaS): a service like that provided by Microsoft Azure, where you run your applications on the service's operating system, using its storage infrastructure.
•Software as a Service (SaaS): a service like that provided by Salesforce.com, where you store your data in the services databases, and use its software to process the information.

If you're using an IaaS provider, then you're going to need to treat your virtual machines much like any cluster of virtual machines in a data centre. The service provider is providing the network infrastructure (and the network security tools), and you're going to need to secure your virtual servers. You can use familiar tools and techniques, but it does mean that you're going to have to treat security as a full time IT task.

1 2 3 4

Email to a friend

Print this page

IAAS : Analysis & Insight

2 comments

You need to Login or Register to comment.

Call me a Luddite

But what is the point? This ISN'T something for nothing. We used to pay for a server / licences etc. and pay to run it. Now we buy a PART of a large farm of servers - equivalent to a SERVER, put licences on it and pay to run it. They even make it look like I am on a "server" when I administer it. What a lot of trouble to go to, to simply pretend to be a server.
It used to cost me money --- and it now costs me money.
I used to have all my data / apps in MY server room, now I have no idea where they are.
The only change therefore is that I don't know where my precious IPR is. - Brilliant

By pjackson on Friday Nov 5

Not luddite, just not fully informed

I don't think you are a Luddite, just not completely up to speed on the concept.

Just like when the mainframe computer first came along, then the "personal" computer and later the internet. What were they good for, "nothing", until we and other people figured out things to do with them.

Think of the relationship between "Cloud" computing and a Mainframe Service Provider similar to that of a PC to an in-house mainframe. The cloud is potentially the "common-man's" access to server sized computing resources, like the PC provided desktop "mainframes".

The cloud is just another computing resource we have added to the mix: mainframes/servers/pc's , own vs lease vs it service provider vs "rent" from cloud. We as IT people have to figure out how to make use of this new computing resource.

Consider a small, new internet based company. They may not have the resources (money, space, expertise) to run their own server(s) and they certainly wouldn't be able to setup enough servers to handle large spikes in traffic. So for them a cloud provider might be an answer.

Your point about having to pay for licenses is valid. As well, we have to remember that the cloud provider will have to pay to buy the computers and the rest of the infrastructure we will be renting. As well, they have to make a profit.

By Ron007 on Saturday Nov 6