What the cloud means for your security?
The term “cloud computing” is now widely used – and unfortunately widely misused.
At JUMPSEC we like to keep our feet on the ground, and remember that while abstractions can help us to focus on essential properties of systems and their architecture, unnecessary hype and confusion about technical details can only lead to bad design decisions, misconceptions and it is necessary to remember in particular that:
- Bits are bits – copied data is as good as the “original”
- Cloud computing does not actually happen in the clouds – but in very physical data centres subject to laws of nature, laws of states and laws of economics
- Running something in the cloud does not make it “better” or “worse” on its own
- The fact that you don’t see or own the hardware, the operating system or the middleware does not mean problems affecting them magically disappear
- If you outsource or offshore a business function the risk of that business function stays with you
- The fundamentals of computer security have not changed
In summary, your approach to cloud security should be no different to an appropriate approach for a physical infrastructure.