Tom’s Hardware featured an article last week which sought some general answers to the question of how to maximize security in the cloud. As more and more companies migrate their IT resources towards cloud-computing vendors such as Amazon Web Services, the issue of securing one’s data on somebody else’s machines has been rightly generating much attention.

The article delineated four main areas of focus when it comes to cloud security:

1. Data Encryption – There are various ways to ensure that company data stored in the cloud is encrypted. SSL and other VPN (virtual-private network) connections are the standard offering by cloud providers, which allow for encryption of data when it is transported across network channels.The safest option, though, is to extend your internal security to cover the resources stored on the cloud. This can either be done, as the article notes, by either establishing a public and private hybrid cloud or by using something like Amazon’s Virtual Private Cloud, which directs cloud-based application traffic through your internal security tools before it goes online.
2. Fine-Grained Access Controls – The ability to restrict access to various resources located on the cloud based on user type is one of the least developed areas of cloud computing security. This feature is more of a protection from accidental internal damage rather than from malicious attacks outside one’s organization. Developers who are working on one project whose resources are located in the cloud should not necessarily have access to the entire company cloud files, where negligence or ignorance could cause inadvertent damage. This is an area that is being rapidly developed and these features will be in place for most serious cloud providers “in the near future”, according to Tom’s Hardware. Continue reading →