Cloud computing is a synonymy for distributed computing over a network and ‘Yes it is safer than traditional datacenter’. Cloud Data Center intends to run programs or applications on a lot of connected devices at the same time. It is achieving popularity because of excellent points: Infrastructure flexibility, faster deployment of data, cost control, improved productivity etc., but there are still questions in the mind of customers:
‘How deep is the security customization? Will my data be encrypted? What is the status of physical security of the servers/storage solid? What protection is provided if there is a security breach?’
Now these questions are raised only due to the Security Concerns on Cloud Computing. And these security questions of customers are answered by Cloud Computing by using the best-practice of multi-layered security and some other excellent ways to secure data mentioned below:
1. Firewall: It sits at ‘Access Point’ of the network and performs rudimentary check to control data and services access.
2. Access to resources is located within their clouds and they are given rights to manage only those resources. Therefore, the cloud customers are provided with Management Portal that is encrypted to manage their resources. SSL Encryption is the best tool used for this task.
3. In Cloud Datacenter the customers are rendered with a transparent and secure backup mechanism which allows them to take back up on consistent basis and enable quick restoration at downtime.
4. Snapshot and cloning capabilities of Cloud Computing Technology has made this possible to backup and restore data, this has also provided a potential to use complete operating system and applications on other operating systems present on cloud.
5. In Cloud Computing the authentication of system users and administrators in such a way that so that a track could be of footsteps is recorded by knowing who is doing what within the system, when they did it and what exactly they did. In Cloud Computing any access to cloud resources either by the customers/system users/ administrators is logged for auditing purpose.
6. Data Encryption adds an extra layer of protection, even if the whole system is compromised. Encrypted Data when traverses the network, it is much more difficult for the attackers to do any harm with intercepted traffic.
Now when we discussed the same with QA Testing folks working on Cloud testing we got some mixed reaction. While one said that:
“Cloud computing technology has just gained visibility in the recent years and due to its short period in the market it is difficult to compare with Traditional Data Centers. In this era, where everyone is running after the storage of their digital property on cloud. This not only saves the data against crashes but also aims at saving a lot of money that may be spent on the hardware/infrastructure. But the question still remains, how safe is the data on the cloud. With no laws made to guide the security policies of the web, the data that is present on the cloud can be easily accessed by anyone. The various security issues can be:
1. Privacy-is your data being mined for various market researches and advertisements?
2. Reliability- being sure of the availability of data whenever needed;
3. Security- is your data encrypted? If yes, who all have the access to the encryption key?
4. Copyright- who owns the content that you upload, can anyone sell your content without your permission.
And if we go on making a list, we can jot down many such issues. The data being not secure on the cloud can be made clear with the recent revealing of PRISM national security surveillance program, run by the United States National Security Agency (NSA).
With the revelations made by Edward Snowden it has become evident that the NSA is spying on every user by directly accessing their data on cloud services and applications such as Google, Amazon, and Facebook etc. Similarly hackers can also access the data by hacking into the Cloud
Hence, it can be rightly said that, with the present structure of the laws, the traditional datacenter is much more secure in terms of safety than cloud”.
However, when we asked one of the QA testing manager working on Cloud testing had a different view point as he said:
“Yes, the cloud is safer than traditional datacenters, our common knowledge says that it is very important that the data which needs to remain secure should be kept in the data center. But the fact is that the data kept in the public cloud can be more secure. There are various factors which contribute to the cloud being safer.
In case of development lifecycles, cloud is more secure since the security practices are planned and built in. And development can be done from scratch with the best security.
For every organization, there are threats that an internal person who has access to the sensitive data can access it for wrong purpose, but in a large cloud operation this threat is very limited and thus because of stricter access controls the security is not compromised.
The cloud providers need to store a very high amount of data which requires a high level of expertise which is not available in-house and this high level of expertise ensures more security.
Apart from the security testing, the cloud provider makes sure that there is regular monitoring and auditing. This helps to spot an intrusion attempt immediately. Also, it helps to make sure that latest versions of software are being used.
Next comes the controlled environment since the hardware, software etc. are standard. The controlled environment is more secure. So, when new systems are implemented automation principles are used which leaves no chance for a security lapse. Thus the cloud is safer than traditional datacenter”.
Cloud computing technology has just gained visibility in the recent years and due to its short period in the market it is difficult to compare with Traditional Data Centers. In this era, where everyone is running after the storage of their digital property on cloud. This not only saves the data against crashes but also aims at saving a lot of money.