Cloud computing is undoubtedly the best technological advancement of the 21st century. Clouds offer a range of capabilities for small and large enterprises, such as the flexibility to enter and exit, scalability and cost savings, among others. However, maintaining the security of data in the clouds proves to be a hard task. Cloud computing poses significant challenges to the privacy of personal as well as corporate and government data. With the advancement and increasing adoption of cloud computing, data security becomes more and more weighty. This paper attempts to analyse ways of maintaining data security in the clouds.
Cloud security is approached in three ways: data confidentiality, integrity and availability. Confidentiality refers to keeping data private from unauthorized access. As data leaves the borders of an organization and travels to a storage medium or is used in other departments, it must be safeguarded from unauthorized access. Secrecy of the data, metadata and transactional information must be guaranteed.
Since cloud computing is based on the sharing and distribution of computing resources and services via open networks, security is of concern. The implications of maintaining the security of data in the clouds are significant. With various privacy violations reported inside and outside the realms of cloud computing, the issue warrants more careful consideration. Various security services are currently in place, such as authentication, encryption and decryption, and compression. Whereas encryption technologies have been applied to secure the confidentiality of data, they are not a cure-all. Cloud providers have the mandate to provide evidence to users that their encryption schemes are designed and tested beyond compromise by experienced specialists.
Cloud computing is built on top of virtualization. If there are issues with virtualization, there will also be issues with cloud computing. To safeguard the confidentiality of data in the clouds, the following mechanisms and technologies are applied:
Cloud information gateway technology
This technology is developed by Fujitsu in collaboration with Windows. The technology can flexibly control data, including data content and metadata, transmitted inside the organization, to the cloud and between multiple clouds. It blocks confidential data from being accessed by unauthorized personnel and offers additional features such as:
- Data masking: When data passes through the information gateway, confidential parts are stripped off by deleting or changing them before the data is transmitted to an external cloud provider. In data masking, all identifiable and distinguishing characteristics of confidential information are removed. Information traversing gateways is anonymous but still operable for the user.
- Secure Logic Migration and Execution technology: Confidential data that cannot be released past the organizational boundary, even in a form that conceals certain aspects, can be assigned different security levels. In this way, the information gateway can transfer the cloud-based application to the in-house sandbox for execution. Applications that require the use of confidential data are transferred to the remote sandbox for execution, and the confidential data remains intact after the operation. The sandbox will not allow data or networks that lack certain authentication credentials.
- Confidential data can be better managed by employing data traceability practices. The information gateway tracks all information moving to and from the cloud so that these movements can be audited. Using data traceability technologies to audit who accessed financial information in an organization, for instance, helps maintain the confidentiality of such data. Data traceability uses logs derived from data traffic as well as metadata from the data used in the clouds.
- Authentication and identity: Authentication techniques take a number of forms, combining what the user knows, what they have and a measurable characteristic that is unique to them (fingerprint). Authentication through encryption has been commonly used to protect data in the clouds. Encryption is used to assure confidentiality and integrity in case of a breach between the parties exchanging data. Authentication is used to restore confidence between the parties communicating in a data exchange process. Cryptographic techniques have been used by users to authenticate themselves to systems and data in the clouds.
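A sketch of the data masking and data traceability features listed above, as an added example that is not Fujitsu's gateway code or part of the original text: confidential fields are deleted or replaced with keyed tokens before a record leaves for an external cloud, and every transfer yields an audit entry that holds no confidential values. The policy, field names, key and sample records are constructed assumptions.

```python
import hashlib
import hmac
import json
import re

# Constructed policy; the field names are hypothetical, not from the page.
POLICY = {"name": "pseudonymize", "email": "pseudonymize", "ssn": "delete"}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # scrubbed from free text

def pseudonym(key, field, value):
    """Keyed deterministic token: equal inputs give equal tokens (joinable)."""
    mac = hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256)
    return "tok_" + mac.hexdigest()[:16]

def mask_record(record, key):
    """Return (masked record, audit entry) for one outbound record."""
    masked, actions = {}, {}
    for field, value in record.items():
        action = POLICY.get(field, "pass")
        if action == "delete":
            actions[field] = "deleted"
            continue
        if action == "pseudonymize":
            value = pseudonym(key, field, str(value))
            actions[field] = "pseudonymized"
        elif isinstance(value, str) and SSN_RE.search(value):
            value = SSN_RE.sub("[REDACTED]", value)
            actions[field] = "redacted-in-text"
        masked[field] = value
    # The audit entry records what was done, never the confidential values.
    blob = json.dumps(masked, sort_keys=True).encode()
    return masked, {"actions": actions, "outbound_sha256": hashlib.sha256(blob).hexdigest()}

def gateway_send(records, key, user, dest):
    """Mask every record and build the traceability log for the transfer."""
    outbound, log = [], []
    for rec in records:
        masked, entry = mask_record(rec, key)
        entry.update({"user": user, "destination": dest})
        outbound.append(masked)
        log.append(entry)
    return outbound, log

# Constructed sample input.
SAMPLE = [
    {"name": "Alice Example", "email": "alice@example.com", "ssn": "123-45-6789",
     "note": "Customer quoted SSN 123-45-6789 on call", "balance": 1200},
    {"name": "Alice Example", "email": "alice@example.com", "note": "Follow-up"},
]
```

Because the tokens are keyed with a secret that stays inside the organization, the external provider can still group records by the same customer but cannot recompute a token from a guessed name.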
Beyond technological measures, behavioural measures are used to secure the confidentiality of data in an organization. User policies defining the role of cloud providers as well as user interaction in the cloud play a crucial role in ensuring that information is safely accessed, stored and retrieved. An organization should establish proper controls to guarantee that only authenticated employees are accessing the data. Technology can be used to audit the system, but employees must also be managed through organizational policies.
In conclusion, confidentiality of information in an organization is a factor of many requirements. Organizations need to preserve the confidentiality of their data through technological and logical processes. Because no single solution is a magic bullet, organizations should tailor their controls to their structure and their operational requirements.