Cloud Computing, Hosted Solutions, and Data Security
 |
| credit: JulianBleecker |
Cloud computing has many interpretations and one of them is a rebranding of "hosting". In reality, cloud computing tends to get broken into three layers:
- Software as a Service SaaS) – hosted solutions, individual applications, and integrated packages of capability targeting end users
- Platform as a Service (PaaS) – a packaged set of services onto which tenants (customers) build their own solutions for their own end users
- Infrastructure as a Service (IaaS) – raw platform infrastructure such as operating system or even just CPU, along with storage; giving the tenant (customer) the responsibility of building their system and then deploying it to the IaaS.
How secure is the data in the cloud environment ? That depends of three factors:
- how secure is the storage
- how secure is the access
- how many people have permitted access
There are known quantities and technologies for storage and access. A recent announcement by IBM demonstrates the importance of these issues and the continued research into improvements …
IBM researcher Craig Gentry has proposed a method for manipulating data while leaving it encrypted. That could be big news for cloud computing, for antispam solutions, and for health care providers … [it] enables encrypted data to be manipulated so that, when decrypted, the result is as if the operation had been performed on the unencrypted data — an approach that makes it especially suitable for some types of security."
The third dependency – how many people have access – may be variable and outside the control of the customer. If the Service Level Agreement (SLA) does not stipulate separate and isolated infrastructure then the number of people with permitted access to the service is equal to the total population of all tenants. One solution is for a tiered SLA, allowing the customer to opt for more isolation as a high price point. Of course, this starts to negate the benefits of cloud for the provider, hence the need for pricing tiers that go along with the SLA isolation tiers.
In the end, the consumer needs to make a conscious decision on how much control they retain in the cloud vs the benefit of the outsourced responsibility and resources.
