- There are all sorts
of fears and concerns swirling around the very idea of cloud computing, and
many sound like this: “What about security? Where’s the data? Who’s protecting
it?”
The fact is, all these questions were valid--when cloud computing was first introduced and not well understood. Survey after survey showed that companies were concerned about data location, access control, regulatory compliance, encryption, auditing rights, service-level agreements, reliability and disaster recovery.
All those concerns made some organizations hesitate before embracing the cloud. People were simply afraid--especially in highly regulated industries.
The fact is, though, that public cloud services from major providers use leading-edge security technologies to protect the data on their systems, and they offer competitive service-level agreements to guarantee their consistent performance. With a little due diligence, companies can find a service package that meets their IT needs and conforms to their security requirements.
For example, major cloud-computing providers have redundant set-ups in disparate locations for high availability, plus tight physical security for their data center locations. From video surveillance to intrusion-detection systems, and multifactor authentication required to gain access to equipment areas, these service providers make sure that unauthorized personnel aren’t welcome.
Within the cloud itself, each subscriber’s "stack" of resources is kept separate from the others using virtual machine environments. Security measures are layered, and they include OS- and virtual machine-level authentication for administrators, inbound-traffic firewalls guarding each virtual environment and signed API calls, which prevent anyone from using resources unless they have a secret key. These services also offer Secure Sockets Layer encryption for all traffic, and every user’s activity is scrutinized and logged for auditing purposes.
On the compliance side, cloud service providers are working on, or have already received, certification for various standards, including Sarbanes-Oxley and SAS-70. (That’s the Statement on Auditing Standards Number 70, for Service Organizations, type II.)
In addition, if your industry has specific requirements (like the Health Insurance Portability and Accountability Act for health care organizations or the Payment Card Industry-Data Security Standard for companies that handle credit card transactions), you can sit down with the cloud provider and construct a solution that meets those guidelines. Many cloud subscribers have done so successfully, so there’s an existing track record and a host of reference configurations to build on.
Lastly, with cloud services, you don’t have to worry about internal employees stealing or leaking data. A laptop stolen from a Department of Veterans Affairs employee, for example, ended up leaking private identity information for 17.5 million veterans back in 2006, and that breach remains in the top 5 most expensive data leaks of all time.
In other words, keeping information away from internal systems and portable devices is a smart way to keep it safe, and cloud services ensure that your sensitive data remains behind closed and locked doors.
jai mAta di
No comments:
Post a Comment
thanks