The topic of cloud hosting will be discussed again in connection with questions of security and availability. Therefore today we are going to shed light on cloud computing security from a technical and legal perspective.
Analyze the applications, data, and processes
Not all the data you want to store in the cloud is subject to the Federal Data Protection. The theoretical possibility of obtaining permission of the authorized organization is not very practical, because that could indeed be revoked at any time. However, it’s essential to check whether the data matches the standard regulations of securities or not. Especially, when availability and performance is subject to matter. So one should always look at those applications and processes, and consider at what point cloud computing offers advantages or disadvantages.
Analysis of the contract
The Main problem with a business use of cloud services is the fact that most large public cloud providers only offer standard contracts ( Noteworthy, among these are mainly for availability, blocking and termination rights). The compensation schemes, which the provider especially offers in case of failures (eg . 30 days money back guarantee for several days of failure data loss). Therefore large organization should ask the provider for individual contract, depending on their requirements.
Web Host Selection
You will have to work either with encryption (which is generally always recommended) so make sure you choose a provider, which is able to maintain major responsibilities such as creditability and controlling the challenges in the resource implementations.
Safe Harbor framework ( U.S & EU Data Protection Program )
Particularly with service providers who are not from the EU or the subsidiaries of US companies do have some points to be considered: The focus should be on Safe Harbor framework and the regulations under the “US Patriot Act”. The data security argument wanted to be confirmed under Safe Harbor Agreement. The service provider as part of a self-declaration, but in most cases this also not sufficient.
In addition, the “US Patriot Act” is just updated in the last few weeks and the focus of some press reports says: “This is as a part of anti-terrorist struggle enacted US laws, which allows authorities to enforce US law to access the customer’s data held by US providers. However, this also applies for their European or German subsidiary companies for data that store on European servers. Although sometimes these laws violate applicable European or national laws, however, large providers such as Google and Microsoft apparently made use of these provisions and conducted customers data in the US
When we talk about the data security, then one thing [needs] to be said; there is still much room for the security improvement in cloud computing. Especially when it comes to the data authentication. Now there are some modern approaches available such as OpenID, which introduces the new concept of client identity verification.
Now we take a look at the latest illustration of the possible threat scenarios (flood attacks), which are expected to be known to everyone, but unfortunately still many users are not that much aware about these things. Therefore, cloud hosting providers [are]continuously researching and developing new security products for cloud computing to prevent any potential malicious attacks. In addition, the newly introduced “vShield” (VMware product) determines the unprotected sensitive data and protects it automatically.
Certification / standards
Unfortunately, the current standards for the special case of cloud computing are not enough. Therefore, both data center service provider, and cloud hosting providers need to engage with the creation of standards and certifications to continue a greater extent of cloud computing. In order to facilitate the customers an easier selection of reliable cloud web hosting company, the ISO 27001 certification and Baseline Protection Manual Standards should be adapted to the needs of cloud computing. However, the good thing at the present situation is the cloud Saas-label, which at least covers toady’s the most popular SaaS requirements.