Ads by TechWords

See your link here
Receive the latest technology news and information.
Storage
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

How data security can vaporize in the cloud

IT managers should consider security, legal issues before signing up for hosted storage services

October 15, 2009 07:08 AM ET

Computerworld - PHOENIX -- While hosted cloud computing may be all the rage for reducing cost of ownership and management, IT managers say hosted storage services present dramatic security challenges and legal implications that need to be considered.

Arthur Lessard, chief information security officer at toy manufacturer Mattel Inc., in El Segundo, Calif., said during a presentation at Storage Networking World on Wednesday that cloud computing is appealing, even if many end users don't know what the word "cloud" means. For example, many confuse cloud computing with pure server and storage virtualization or simply backing up data to a remote site.

True cloud services should be characterized by grid-architected hosts with central management, applications that can be ported seamlessly from system to system, capacity that is easily provisioned and significant data redundancy, he said.

"We're talking software as a service," Lessard said.

When storage is hosted offsite in a virtualized server and disk array environment, cloud computing presents real limitations around authentication and auditing - especially auditing of logging. The lack of auditing capabilities may affect the ability to record user logins, administrative actions and data writes, Lessard said.

"What I can't find out is who has been reading the data files, and ... depending on what business you're in, that might be important," he said.

Also, there's usually no indication of login anomalies, such as repetitive attempts to log into a site under an incorrect name and password. That information is kept by the vendor and is usually part of a contract negotiation process. With respect to authentication, or who sets up the accounts and what control you have over accounts and how they're provisioned, most vendors offer self-registration into your applications, "and that can have holes," Lessard said.

"Most authentication in a cloud environment is done through user name and password only, so if I had a nifty two-factor authentication set up or biometrics, it's no longer offered," he said.

Most service providers also have restrictions against penetration testing of the cloud by their customers.

"To be honest, I can't blame the vendor because by doing penetration testing against their environment for your applications, it could impact someone else's applications," he said. "Remember, it's a cloud, and you don't have a lot of control over where my stuff is running or where it sits."

Hackers can exploit security holds associated with hardware and software cloning in virtual server environments. Most operating systems have unique or personalized components when they're installed on hardware, and the OSes rely on the hardware to generate random numbers for public and private encryption key pairs and user IDs, even when they're being cloned onto new systems.



Jump to comments

cloud computing

Additional Resources

WHITE PAPER
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying

White Papers & Webcasts

Data Protection is not an insurance policy -you cannot buy-back lost data
Find out why you need to maintain access to critical information to run your business and remain competitive.

Strategic ECM Webinar
Learn what new strategic business benefits can be realized through ECM!

5 Architecture Issues that Impact BES performance
Register to attend this LIVE Webinar to learn 5 Architecture Issues that Impact BES performance!

The Power/Density Paradox: The Result of High Density without Power Efficiency
Download this brief to explore what the power/density paradox is and how IT professionals can mitigate the risk.  

Four Principles for Reducing Storage TCO
View cost reduction strategies in this video! Provided by Hitachi Data Systems.