Cloud Security

While the advantages of cloud computing are clear, many agencies continue to be concerned about security and privacy issues associated with the “as-a-service” models. No two clouds are the same, and it is important to consider the differences and similarities across all models when evaluating cloud security. An understanding of the basics of cloud security includes key security and privacy issues, advancement in cloud security, top threats and risks, and cautions and considerations when implementing cloud technologies.  

 

The National Institute of Standards and Technology (NIST) issued the Guidelines on Security and Privacy in Public Cloud Computing. These guidelines provide an overview of the security and privacy challenges important to public cloud computing, and identify considerations for agencies outsourcing data, applications and infrastructure to a public cloud environment.

While the biggest obstacle facing public cloud computing is security, there are many opportunities for innovation to improve the overall security of agencies. Potential areas of improvement where agencies may see benefits from a transition to the cloud include:

  • Platform strength
  • Increased focus on standards

The Cloud Security Alliance has outlined The Top Threats to Cloud Computing, which apply across all cloud computing models. These threats and risks are identified to assist agencies in making educated risk management decisions regarding their cloud adoption strategies.

Cautions and Considerations

The evaluation of security procedures and processes is crucial when an agency considers a move to the cloud. A number of security concerns are associated with cloud computing, but they fall into two broad categories: security issues faced by cloud providers (organizations providing Software-, Platform-, or Infrastructure-as-a-Service via the cloud) and security issues faced by their customers. In most cases, the provider must ensure that its infrastructure is secure and that its clients’ data and applications are protected, while the customer must ensure that the provider has taken the proper security measures to protect the customer’s information.