Businesses are adopting cloud services at a rapid pace. Conventional wisdom, however, insists that the public cloud should only be trusted for less critical data and applications.
More sensitive or private data should only be processed in the enterprise’s private cloud. Understandable – but is it logical?
The biggest risk is not in the cloud but in the journey to the cloud. What is needed is a clearer understanding of the actual, rather than gut risks of cloud computing.
The CEF (CloudEthernet Forum) is addressing this need by analyzing the security challenges under four categories of use cases -- security within the cloud, cloud networking, privacy concerns, and security from the cloud.
Regarding security, access management and user-identity recognition is vitally important in the cloud. This is not just about protecting from data theft -- cloud-assisted machine-to-machine communication and the Internet of Things requires allocating access only to devices covered by existing contract agreements with the cloud information provider.
Then there is the virtualization technology underlying much of today's cloud services. Distributed denial-of-service attack traffic should be filtered before it reaches the target VM.
On cloud networking security, the safety and efficiency of operation inside the cloud comes to nothing if the data transfer between clouds or between the user and the cloud becomes unpredictable.
Encrypting every bit of data between clouds and customers adds a heavy computation burden. The internet services provider should guarantee the safety of the data transfer at the physical layer, and a virtual private network solution between cloud and customer should be used.