In part one of this article, “Cloud Computing and Security,” we discussed the basics of cloud computing and some common types of cloud computing applications. Now, we will go into more detail about the safety of the information you store in the cloud.
If you are engaging in cloud-based activities, you are placing a high level of trust with the cloud providers to keep your information safe and private. This is especially true for enterprises that house their company data in the cloud. As we said earlier, the cloud is nothing more than many servers in many data centers, so with that there are risks. Physical security of the center where is the data is housed is very important in addition to security of the information stored there. Also, be wary of the cloud service provider you choose – you are better off going with a name you recognize, like Google or Amazon, over a small provider without many clients.
After conducting a study on cloud security, Larry Ponemon, chairman and founder of the Ponemon Institute had this say,
“Given the well-publicized concerns about the potential risks to organizations’ sensitive and confidential information in the cloud, we believe it is only a matter of time until users of cloud computing solutions will demand enhanced security systems.”
For enterprises, Gartner provides seven of the specific security issues that customers should raise with vendors before making a choice of providers. David Kwok at the Smarter Computing Blog has some good ideas, too. But how can consumers take responsibility for their secure cloud computing environment?
Amazon CEO Jeff Bezos suggests choosing stronger passwords for access to your cloud services.
"Probably the most important thing that consumers can do is choose harder passwords," he said at a Consumer Reports event last May. "It's a simple thing to do, but it's very common for people set their passwords to relatively easy things to guess…the other thing people do is use the same password everywhere."
A strong password is a good start, but it not the highest security for authenticating yourself to a cloud service. The strongest way is to use some sort of additional method for proving your online identity and log into a specific service. This is also known as two-factor or multi-factor authentication.
Two-factor authentication is “something you know,” like your username, and “something you have.” An example of “something you have” is one-time password (OTP) token, a small device or a mobile application that generates a different password you must enter for every login. Some cloud service providers offer two-factor authentication. Facebook, for example, introduced OTPs last year. Google, too, started rolling out OTP-based authentication last February. Both of these include mobile OTP applications.
If you don’t know if your cloud service provides two-factor authentication, ask. And, if they do not offer it at this time, demand that they start.
To Sum Up :
• Storing any content on the web as opposed to your own personal computer or server is considered cloud computing
• Twenty-two percent of U.S. consumers aren’t familiar with the term “cloud computing,” but 76 percent use cloud-based services
• Cloud-based services are often stored on server farms that can contain tens of thousands of servers
• Choosing a strong password is a good first step to secure your cloud computing experience, but two-factor authentication is ideal and should be demanded of service providers