nobeastsofierce - Fotolia
No one can deny the benefits of cloud computing -- elasticity, scalability and pay-per-use -- but many debate whether it's a secure enough environment for sensitive data. Cloud data security is a hotly contested subject in IT; some believe the cloud is more secure than on-premises environments, while others believe the absolute opposite. And due to the cloud's complexity, the security debate is not as simple as right or wrong. But one thing is certain: No matter if it's a public, private or hybrid cloud, security is essential. And enterprises must do their part to secure their environments.
In a rapidly changing IT landscape, security remains a top cloud concern year after year. Recent major retail system breaches and the iCloud hack that publicized personal celebrity photos stole the spotlight. As hackers advance their attack methods, vendors and IT pros must also the beef up protection methods to detect and prevent against vulnerabilities. We've compiled a list of the top five cloud security articles of 2014 to keep IT pros' cloud data safe in the future.
5. Amazon DynamoDB, Accumulo access controls secure big data in the cloud
Big data is big business for cloud providers, so it's crucial to house these massive data sets in a secure environment. Although NoSQL databases are a common choice for big data, early versions lacked heavy duty security. Now access controls can help secure NoSQL data stores -- including Accumulo's cell-based access controls, AWS' Identity Access Management for DynamoDB and MarkLogic's compartment controls, according to cloud expert Dan Sullivan.
Based on Google's Big Table, the open source Apache project, Accumulo, uses cell-based access controls to stipulate authorization with security labels. Amazon DynamoDB, a hosted NoSQL database service, allows users to manage data access through established identity access management policies. Finally, the document-based NoSQL database, MarkLogic, gives admins the ability to determine which users can access documents with predetermined security and management privileges.
4. Lock down private cloud security with strict procedures, tools
A common cloud misconception is that private cloud is more secure than public cloud. While private cloud offers more control, it doesn't guarantee a secure environment. The key to ensure the best private cloud security is to plan ahead, according to cloud expert Brad Casey. It's important to set protocols to determine who should have access to data in the cloud, as well as have authentication tools in place to maintain proper user access. Additionally, test your private cloud security frequently to check for vulnerabilities and conduct regular audits on system logs.
Should enterprises consider public cloud instead of private cloud for security purposes? There are pros and cons to both. Some companies choose public cloud because the provider is responsible in the event of a security breach. However, the company can't be sure about where their data is located and how it's being managed.
3. Cloud models enhance security, potential of Internet of Things
The cloud and the Internet of Things (IoT) are an interesting combination with endless potential. And out of that permutation comes three new cloud models, including sensor cloud, control cloud and analysis cloud. The IoT cloud model could unite Internet of Things and cloud security methods to improve security in both spaces.
But while these three clouds will enhance IoT's capabilities, there are some flaws. Privacy constraints, storage and other management concerns must be taken into consideration.
2. Three misses that cause cloud failure
Cloud failures have become a frequent -- and often expensive -- issue for enterprises. But what is the root of all cloud computing catastrophes? Along with misunderstanding the cloud's value and use cases, the inability to meet cloud security needs is among the most common cloud killers, according to David Linthicum. Enterprises need to find balance when allocating financial resources for security. Some enterprises overspend out of fear that the cloud is not secure, while others underspend for the opposite belief. To avoid cloud failure caused by security mishaps, it's crucial to find a middle ground.
1. Clouds are more secure than traditional IT systems -- and here's why
Cloud computing is winning over many of its former naysayers, yet the cloud versus traditional IT systems debate continues. Clearly on-premises environments offer more user control than the public cloud; however, control doesn't mean security. Where data resides isn't as important as the implemented security technology.
If proper security measures aren't taken, it doesn't matter whether a company hosts data in the cloud or on-premises. No system or environment is completely safe from attacks, as they affect traditional IT systems even more frequently than the cloud. Governance, access control and vulnerability testing highlight Linthicum's guide to a secure environment.
Nicholas Rando is assistant site editor for SearchCloudComputing. You can reach him at firstname.lastname@example.org.
Weighing the cost of cloud security
Is cloud data encryption still a must-have?
Why data separation is crucial for cloud security