Cloud security concerns
News of China's reported attempts to hack Google email accounts highlights the security-related risks and exposures of cloud computing. Google's own perspectives on their experiences can be found here on Google SVP David Drummond's blog:
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
Though Google's complaints about international cyber-attacks are currently front-page news, the reality is that thousands of other similar attacks on public computing infrastructures occur on a daily basis.
Certainly, computer security has always been an issue since the advent of the transistor. But as computing infrastructures have grown increasingly interconnected through networking technologies, best practices and enabling technologies have always emerged to contain the associated security risks. In this sense cloud computing is only the latest stage in the ongoing internetworking and consolidation of disparate computing infrastructures. Accordingly, the advent of a new generation of security challenges should not be a surprise. It would be a mistake to simply dismiss cloud computing opportunities because of the potential for new security risks.
Large numbers of Riverbed customers have been able to realize a private cloud computing infrastructure by using Steelhead WAN optimization to consolidate their IT infrastructure into a smaller number of data centers. But the case of these Riverbed customers, most believe that their security has improved as a result of their consolidation practices, because their data is now centralized and consolidated into a smaller number of hardened, secure data center facilities, rather than be scattered throughout various regional or branch offices each with varying security standards.
A private cloud infrastructure only hosts data in private data center facilities that are reliably protected by established firewall, VPN, IDS/IPS, and other security technologies and best practices. For those enterprises that view the public cloud as in their future, the adoption of private cloud infrastructures in the interim can smooth the transition to and adoption of the public cloud. For those enterprises where security concerns and business practices don't make the public cloud feasible, a private cloud will deliver many of the efficiencies and benefits of a shared IT infrastructure without many of the security risks.
Comments