Many businesses prefer cloud computing's operational-expenditure model to the traditional capital-expenditure model, which costs businesses more. The major cloud deployment models are cloud-based, on-premises, and hybrid.
Cloud computing is a model that enables convenient, on-demand network access to computing resources that can be rapidly provisioned with minimal management effort, which makes it more attractive than conventional models. However, with the growing number of cloud providers and services available, organizations must exercise due diligence when migrating to the cloud to strike a balance between cost and productivity as well as risk and liability.
Security and privacy issues to consider include Governance, Compliance, Identity and Access Management, and Data Protection, among others.
Governance: According to AWS, cloud governance is a set of rules, processes, and reports that guide your organization to follow best practices. The cloud governance model establishes an authentication strategy to protect the confidentiality, integrity, and availability of information. While cloud computing simplifies platform acquisition, it also amplifies the need for governance, as a lack of organizational controls over employees engaging in cloud computing services can be a source of problems. Governance is necessary to mitigate security and privacy risks and to prevent unauthorized downloads or installation of software, access to restricted sites by users, and storage of illegal data. Governance also covers multiple cloud security components such as encryption, security groups, access controls, trails, etc.
Compliance: Compliance involves enforcing rules that align with policies defined by regulations. In the context of cloud computing, "Cloud Compliance" refers to the need for cloud customers to adhere to various industry standards and regulations. A major concern in cloud computing is the security of data, both from the customer's perspective and the vendor's. Customers often move their data to the cloud without fully understanding where it will be stored. Security in cloud computing must be ensured at two levels: the customer or user level, and the cloud service provider level. For end-users, cloud computing offers immediate IT access through a web interface, while businesses see it as a way to reduce costs. On the provider's side, it's essential to ensure that servers are well-protected from threats and attacks. However, organizations are ultimately responsible for ensuring the security and privacy of the data that a cloud provider stores and manages on their behalf.
Identity and Access Management: Preventing unauthorized access to cloud-based information resources is a critical concern. Identity and Access Management (IAM) plays a key role in this by overseeing the systems and processes that manage access to an organization's resources. IAM ensures that an entity's identity is verified, granting the appropriate level of access based on the security requirements of the resources, the confirmed identity, and other relevant factors. To enhance security and streamline access, identity federation allows both the organization and the cloud provider to mutually trust and share digital identities and attributes across their respective domains. This facilitates single sign-on (SSO), enabling users to access multiple systems with one set of credentials. Identity federation can be implemented using standards like Security Assertion Markup Language (SAML) or OpenID.
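The checks a relying party makes before honoring a federated identity and granting access, as an added example that is not part of the original article. The HMAC tag is a simplified stand-in for the XML signature or JWS that SAML and OpenID Connect use, and the issuer, audience, key, `assurance` claim and resource names are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed federation data: issuer, audience, key and policy are hypothetical.
TRUSTED_IDPS = {"https://idp.example.org": b"constructed-shared-key"}
AUDIENCE = "https://cloud.example.com"
REQUIRED_ASSURANCE = {"public-docs": 1, "payroll-db": 2}  # per-resource minimum


def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def sign_assertion(claims, key):
    """Identity-provider side: serialize the claims and append an HMAC tag."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + _tag(key, body)).decode()


def authorize(token, resource, now=None):
    """Relying-party side: return (allowed, reason) for one access request."""
    now = time.time() if now is None else now
    try:
        body, tag = token.encode().split(b".")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return False, "malformed assertion"
    issuer = claims.get("iss") if isinstance(claims, dict) else None
    key = TRUSTED_IDPS.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        return False, "issuer not in federation"
    # Verify integrity before trusting any other claim in the assertion.
    if not hmac.compare_digest(_tag(key, body), tag):
        return False, "bad signature"
    if claims.get("aud") != AUDIENCE:
        return False, "wrong audience"
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        return False, "outside validity window"
    needed = REQUIRED_ASSURANCE.get(resource)
    if needed is None:
        return False, "unknown resource"
    if claims.get("assurance", 0) < needed:
        return False, "assurance too low for resource"
    return True, "ok"
```

The same signed assertion is accepted for a low-sensitivity resource and refused for a high-sensitivity one, which is the "appropriate level of access" decision made per resource rather than per login.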
Data Protection: Data protection is a fundamental component of any robust security strategy, ensuring that data remains secure whether it is stored in, transferred to, or removed from the cloud. As part of a broader information protection and control strategy, safeguarding data is crucial, especially in public cloud environments where data is typically stored in shared spaces alongside data from other customers. When organizations store sensitive or regulated data in a public cloud, they must carefully manage how access to this data is controlled and how the data itself is secured. These considerations are equally important for data that is transferred within or between different cloud environments. Cloud databases often operate under various multi-tenant configurations, each with different methods for pooling resources and providing varying levels of isolation and efficiency. These configurations can significantly impact security features, such as data encryption, which may be more effective in environments where databases are separated rather than shared. Therefore, organizations must carefully evaluate these factors to ensure their data protection measures align with their security needs.
References:
Jansen, W., & Grance, T. (2011). Guidelines on Security and Privacy in Public Cloud Computing. Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and Technology.
Hashmi, A., Ranjan, A., & Anand, A. (2018). Security and compliance management in cloud computing. International Journal of Advanced Studies in Computers, Science and Engineering, 7(1), 47-54.
https://aws.amazon.com/cloudops/cloud-governance/
https://www.geeksforgeeks.org/cloud-governance-and-its-need/
Bukunmi Ofili is a Master’s student studying Information Systems at East Tennessee State University, U.S.A