Musings on Security in the Cloud; How Do You Solve A Problem Like Cloud-ia

Security in the CloudIn true The Sound of Music style, I’ve decided to find out how exactly one does take a cloud and pin it down. As it turns out, there are more successful methods than the nuns thought. Granted, there are plenty of problems. Employees like to bring their own devices and access sensitive material with them, insecure software pops up all over the place, and there’s always the classic account hijacking problem. Public cloud also presents the issues that come with sharing storage space with somebody else. Nonetheless, all cloud services have some kind of security measures for their facilities, infrastructure, systems and applications (and the Cloud Security Alliance did a very long dissection of how these things ought to work).

Security in the Cloud

  • Put a password on data. Encrypt and password-protect and use zip files because this is the easiest thing.
  • Restrict access to necessary personnel. When more people access data in the cloud, especially on their own devices, there are more avenues for attack (Fact: people are careless).
  • Implement firewalls and antivirus protection. Given that the cloud is accessed via the Internet, typical Internet security measures are helpful.
  • Back up data so things can be accessed on a rainy day. That could be applicable whether all of the cloud provider’s facilities flood on the same day or someone accesses the data and kills everything.
  • Put a password (a good password) on data. Everybody says it and nobody listens, so here it is again. Strong passwords equal happy users.

No cloud security system is perfect, but sometimes the best security is the one that convinces the attacker that whatever he’s after isn’t worth the effort. In case I forgot to mention it, use very powerful passwords with @ and & and long words with lots of numbers. Also, as a rule of thumb, use extra precautions when putting extremely sensitive things in the cloud. Nobody wants to spend three days cracking a password just to find Great-Grandma’s peach cobbler recipe if it doesn’t include her secret ingredient.