A group of experts conducted a study on the main security issues that still need to be overcome in order to apply cloud computing technology on a much broader level. There are various top-level opinions that see much more serious problems associated with privacy and user freedom.
Today we hear a lot of talk about the term cloud computing, which in Spanish would be interpreted as “computaciĆ³n en la clou”, this seems to be new, however, many of its applications are used daily without realizing it, for example in: many free services from Google, certain curious web services, and even some operating systems such as Jolicloud.
These systems are managed in the cloud and the end user only connects using the power of the servers without needing to have them with him. Sometimes a small, custom-made client program is needed. But most of the time, a web browser is all that is needed.
A group of experts from the NIST (National Institute of Standards and Technology) carried out a study on the main security problems that still need to be overcome in order to apply this technology on a much wider level. There are various top-level opinions that see much more serious problems associated with the privacy and freedom of the user.
The structure of the system allows access to powerful computer equipment without the need for user maintenance. This makes it an ideal platform for the development of scientific projects that need high-powered computers and that otherwise would not be able to access them. Internal management systems of companies are also supported on this operating model.
The service model of the cloud computing environment is comprised of three core options:
- Software as a Service (SaaS). It comprises end-user applications delivered as services, rather than software-on-premises.
- Platform as a Service (PaaS). It provides a platform for applications or middleware as a service where developers can create and deploy custom applications.
- Infrastructure as a Service (IaaS). Concerns hardware, technology for storage, operating systems and computing; other infrastructure, on-demand services rather than dedicated and on-site resources, such as the Amazon Elastic Compute Cloud (Amazon EC2) or the Amazon Simple Storage Service (Amazon S3).
While it is true that cloud computing, also called cloud computing, brings great advantages, it is also true that the more critical the application, the more important system reliability is, as well as data security. As a result, you are more likely to fall victim to a malicious attack.
The following are some of the tips on essential security measures that should be considered in order to use cloud computing safely, thus avoiding most of the risks involved.
Choosing the right password
Another concern with cloud computing services is that, despite the protective measures implemented by all companies, the security of user accounts depends on the password assigned to each of them.
An example of the consequences of using insecure passwords was recently evident in the Twittergate case, in which a cracker obtained numerous corporate documents belonging to the popular microblogging service, Twitter, and published them on the news and technology site TechCrunch.
These documents were hosted by Google Docs and although Google cannot accept responsibility for the leakage of information, the files would not have been stolen in the first place if they had been hosted behind a firewall. The company’s key information was nearly discovered, “a decryption password away.
The difference between a corporate network and an online account is that in a business ecosystem, administrators can create password policies that force them to maintain certain levels of complexity and create new passwords periodically. However, in the cloud, we have the freedom to set anything as a password and never change it again. This is an area that still needs a lot of work.
For such a situation it is recommended:
- Selection of “strong” passwords, difficult to crack.
- Keep them secret.
- Do not transfer them.
- Do not write them down on easily accessible paper or on unencrypted files.
- Do not enable the option “remember key on this computer”, offered by the programs.
- Do not send them by e-mail.
- Change them frequently.
Encrypting data in the cloud
Another (little known) weakness of cloud computing is that few machines have access to the randomly generated numbers needed to encrypt information.
The details of this mess are overly technical but the result is that the inherent nature of virtual computing makes the task much simpler for hackers and crackers because it allows them to easily guess the numbers used to generate the encryption keys.
While this is not an immediate problem that threatens the integrity of cloud computing, it will require long-term research.
- Secure remote management. Traffic encryption.
- Classify and encrypt sensitive information with trusted encryption applications.
- Use end-to-end encryption technologies (VPN).
Proper use of cloud computing services
If we consider the problems already described, we will probably think twice before relying on services that work through the cloud.
But is it really that bad? Is the cloud a worse platform than what we already have?
In fact, although the cloud brings under its arm a package of challenges and threats that we will be dealing with for the foreseeable future, this will be precisely during the early stages of the transition. Nor does it necessarily present threats worse than those of the traditional system.
At the end of the day, the market as a regulatory and spontaneous entity will make developers and owners of services for cloud computing increasingly solid and secure proposals. It is precisely these people who will be best rewarded for their efforts and their platforms will be adopted by users.