Cloud security and privacy

Question

Hi,

I have a very basic doubt regarding cloud computing that is catching up pretty fast these days. To my understanding, cloud computing is a paradigm in which companies put up their data and applications on somebody else's machines aka 'The Cloud'. I want to know just how secure is it to put up my data on some third party machines, especially if my data contains private details. In particular, how can an enterprise trust the cloud computing service providers in this data privacy aspect?

Thanks, rakesh.

Answer 1

In particular, how can an enterprise trust the cloud computing service providers in this data privacy aspect?

Good question.

I guess, it boils down to carefully examining the fine print of a cloud computing service provider, seeing what they guarantee about privacy (and whether those guarantees have legal backing) and then making a "business decision" that weighs the risks and benefits.

Generally speaking, developers should not be making these decisions.

Answer 2

It depends on what kind of data you want to store.

If you are speaking of credit card or financial information, then its NOT secure. PCI Level 1 compliance rules out any possibility of using the cloud, because to be compliant you need to perform third party on-site audits, and most cloud providers don't allow that. Here is Amazon's stand on it. For any other data that requires legal compliance, you will find it difficult to host it on the cloud.

For other kinds of data that doesn't need legal compliance, it all boils down to your enterprise's risk appetite and the kind of cloud vendor you are dealing with. Completely agree with Stephen on this.

For general information on cloud security, you should visit Cloud Security Alliance. They have the most relevant information in this field.

Answer 3

If you're that worried about security, perhaps you should be looking elsewhere other than the cloud and instead at a trusted provider or running your own.

Answer 4

Rakesh, from your questions it is not clear what kind of information you have to deal since as Sri said sensitive information such as credit card details must follow strict standards and rules. For anything else you can use the Cloud.

I might not be 100% objective but I can tell you that Cloud applications that are built with Visual WebGui are practically unhackable as proven in an open real world hacking challenge we ran with a $10,000 prize. Thousands gave it a try but no one succeeded because of Visual WebGui's 'empty-client' architecture. It was designed to offer absolute security for RIA front ends.

So I am not sure if it fits your objectives here but you should know that it provides a completely secured UI from the front end.