 

Cloud computing – Security Implications: The Service Provider

on May 21, 2010

One does not need a crystal ball to deduce that cloud computing will be the next big thing. Because of this, a company’s security strategy needs some rethinking in order to safeguard the company’s data.

The first big question is: should you trust the providers themselves? Just because you’re buying a service, there is no guarantee that the seller is not going to abuse his power. But it’s not just about abuse. We’ve heard lots of stories about warrantless wiretapping, in which telecoms offered little to no resistance to the government’s request to monitor telephone calls. Can you trust that the same wouldn’t happen if the government decided to leverage the cloud for data mining exercises? If you think it’s paranoid to believe that governments might commit industrial espionage, then think again, as this has allegedly already happened through a project codenamed Echelon.

Cloud service providers are also likely to be a big target for hackers, as a successful intrusion will likely give an attacker access to valuable data belonging to a large number of businesses. And as cloud services become popular, it is nearly certain that they will become the focus of a wider range of attacks, not just intrusions. A cloud service provider’s main concern is to ensure uptime for clients; the whole business depends on it. Malicious hackers could therefore try to blackmail the provider, or extort money from it, in exchange for not launching Distributed Denial of Service (DDoS) attacks on its infrastructure, so it is important that one has the means to deal with such an event.

Another important consideration is the service provider’s integrity. Here one needs to ask a number of questions:

  • Can you be sure that in the event of an intrusion the service provider will notify you?
  • Will your business get access to the server logs?
  • If not, do you have the certainty that the service provider is effectively monitoring the logs and has the proper know-how to both identify issues as well as fix them?
  • Does the service provider have an effective backup strategy?
  • Does it include offsite backup?
  • How long will it take in case of a catastrophic failure for your business to be up and running again? (Is that an estimate or guaranteed time frame?)
  • How robust is your internet connection?
  • In the event of internet failure how will your business cope?
  • What happens in the event that your cloud service provider ceases operations (goes bankrupt, legal disputes, natural disaster)?
  • If your cloud service provider were to stop offering their service abruptly do you have a strategy in place to get your business operating again?
  • How long will your downtime be and how much will that cost?

Cloud computing can save an organization both time and money; however, it will still require some security considerations. Above are some tips on what to look for and what questions to ask before deciding on which service to go for. Cloud computing can be a great asset as long as it is used properly and the necessary plans are in place to deal with unforeseen circumstances.

 
Comments
John Mello, May 31, 2010, 4:38 pm

Emmanuel—

This is an excellent set of questions that should be asked before an organization moves to the cloud, although at this point I tend to agree with the very cautious advice offered in a recent white paper on cloud governance (http://networkedblogs.com/4jwG7):

“Evaluating whether or not to move your data center into the Cloud demands more than a cost-benefit analysis. Management must look at security with exhaustive due diligence. It must relocate to the Cloud only the information that is not mission critical to the safety and continuity of the business.”

Emmanuel Carabott, June 1, 2010, 11:16 am

Hi John, excellent article, thanks for sharing it. Indeed, there is a lot to consider before taking the step of moving into the cloud. A company should do its homework before taking such a step and realise exactly what it will mean to its business.