Despite all the convenience of cloud computing, it’s a bit of a scary thought to think about all your corporate data floating around somewhere you can’t see. There are always security concerns when entrusting your data to a public or private cloud, but there are a few specific security holes to look out for if you want to make sure your data is always under lock and key.
When it comes to a public cloud, you need to be aware that you will have neighbors in that cloud. There will be other people and companies storing their data on the same cloud as you. Your neighbors aren’t going to be out to get you most of the time, but if the multitenant cloud database is not properly designed, a flaw in someone else’s application can potentially open the door for a hacker to everyone’s data in that database.
A less likely scenario would be, virtual machines running the same hardware can spy on each other to pick up information on the cryptographic key being used by the other VM.
Hijacking can also be a concern. If a hacker can get your account and login information, then they can hack your data, forge results and redirect your customers to sites chosen by the hacker.
Management of the encryption key is also a way for people you don’t want accessing your data getting a look at it. The database can be the most secure in the world, but the government can force the cloud service provider to reveal all your data to them. So the problem isn’t the encryption itself, but the location and management of the encryption key. It’s best to encrypt your data yourself either before or while you send it to cloud.
These problems aren’t the end all be all for cloud computing, but they are things to keep in mind when switching over or upgrading your cloud PaaS, SaaS or IaaS. These are legitimate concerns to bring up to potential vendors to see what sort of protections they have in place for these kinds of situations.
To read more about these security holes visit this article written by Natalie Lehrer for SmartData Collective.