The topic of cloud hosting will be discussed again in connection with questions of security and availability. Therefore today we are going to shed light on cloud computing security from a technical and legal perspective.
Analyze the applications, data, and processes
Not all the data you want to store in the cloud is subject to Federal Data Protection. The theoretical possibility of obtaining permission of the authorized organization is not very practical, because that could indeed be revoked at any time. However, it’s essential to check whether the data matches the standard regulations of securities or not. Especially, when availability and performance are subject to matter. So one should always look at those applications and processes, and consider at what point cloud computing offers advantages or disadvantages.
Analysis of the contract
The Main problem with business use of cloud services is the fact that most large public cloud providers only offer standard contracts ( Noteworthy, among these are mainly for availability, blocking, and termination rights). The compensation schemes, which the provider especially offers in case of failures (eg . 30 days money-back guarantee for several days of failure data loss). Therefore large organizations should ask the provider for individual contracts, depending on their requirements.
Web Host Selection
You will have to work either with encryption (which is generally always recommended) so make sure you choose a provider, which can maintain major responsibilities such as creditability and controlling the challenges in the resource implementations.
Safe Harbor framework ( U.S & EU Data Protection Program )
Particularly service providers who are not from the EU or the subsidiaries of US companies do have some points to be considered: The focus should be on the Safe Harbor framework and the regulations under the “US Patriot Act”. The data security argument wanted to be confirmed under the Safe Harbor Agreement. The service provider is part of a self-declaration, but in most cases, this is also not sufficient.
In addition, the “US Patriot Act” has just been updated in the last few weeks and the focus of some press reports says: “This is as a part of anti-terrorist struggle enacted US laws, which allows authorities to enforce US law to access the customer’s data held by US providers. However, this also applies to their European or German subsidiary companies for data that store on European servers. Although sometimes these laws violate applicable European or national laws, however, large providers such as Google and Microsoft made use of these provisions and collected customers data in the US
Data Security
When we talk about data security, then one thing [needs] to be said; there is still much room for security improvement in cloud computing. Especially when it comes to the data authentication. Now there are some modern approaches available such as OpenID, which introduces the new concept of client identity verification.
Now we take a look at the latest illustration of the possible threat scenarios (flood attacks), which are expected to be known to everyone, but unfortunately, still, many users are not that aware of these things. Therefore, cloud hosting providers [are]continuously researching and developing new security products for cloud computing to prevent any potential malicious attacks. In addition, the newly introduced “vShield” (VMware product) determines the unprotected sensitive data and protects it automatically.
Certification/standards
Unfortunately, the current standards for the special case of cloud computing are not enough. Therefore, both data center service providers, and cloud hosting providers need to engage with the creation of standards and certifications to continue a greater extent of cloud computing. To facilitate the customer’s easier selection of reliable cloud web hosting companies, the ISO 27001 certification and Baseline Protection Manual Standards should be adapted to the needs of cloud computing. However, the good thing at the present situation is the cloud Saas-label, which at least covers toady’s most popular SaaS requirements.