Platinum Author
The future of computing, if you read many of today's IT magazines, is in the cloud. Cloud-based computing is believed to be the next big, emerging trend and the days of the self-hosted, closed-network application are numbered. If this is so, how will it affect security for the near and far future of computing and IT management?
Failures in the Cloud
Early this year, an employee fired from his job at a car dealership used his login to wreak havoc on over 100 vehicles in the dealership's network using a cloud-based application. The app was built to allow the dealership to shut down cars (not allow them to start) or honk the horn when owners were late with a payment or in default. It was meant as a way to lower costs by not requiring towing and repossession fees as often. It was enabled through a cloud-based application from a provider who leased it to the car dealership. The dealership, upon terminating the employee, suddenly found themselves swamped with calls as customer after customer found their car horns honking at all hours, their vehicles not starting, and more.
In another instance, about a year ago, a now-defunct Web-based bookmarking service (similar to Delicious) called Magnolia (ma.gnolia.com) had a catastrophic failure. Most of their production database failed and was unrecoverable. No backups existed. This cloud-based service failed to do even the most simple of security tasks: keep reliable backups.
Obviously, by using cloud-based services, you are putting much of your security concerns into the hands of a third party (the app's provider and/or host) and your application is now fully Internet-accessible, which means security needs to be more stringent than with a self-hosted, internal-use-only app.
Security in the Cloud
The largest problem with the Cloud, security-wise, is that it is inherently centralized. This sounds counter-intuitive, since "cloud" would seem a symbol for "many," but the model of cloud computing is based on a centralized service offering application(s) to individual systems. The "cloud" in this case is a symbol for the ambiguous nature of the location of the app itself and how information is shared within it.
In the 1990s, one of the big buzzes in IT was the introduction of "thin client computing" (often called "dumb terminals") to the corporate networks. These were extremely limited systems that were generally no more than a simple processor, a monitor, and a keyboard that connected to a central server which provided all of the applications and storage. Sort of like the net-books of the day, only not as portable.
These systems had the same inherent vulnerability as today's cloud-based services do: they're centralized and thus if one thing fails, they all fail.
For this reason, the primary security concern of the IT manager who utilizes cloud-based services should be backups. Reliable, off-site, verifiable, and under your own control (preferably) backups. The problem here, of course, is that you cannot likely keep backups of the application itself, so you rely on the vendor for that. You should, however, have a way to keep reliable and frequent backups of your data itself. Preferably in a format that is somewhat portable so that an app failure doesn't mean your data is useless elsewhere.
In Part II, we will discuss the formation of security response initiatives and hack-proofing your cloud.
Business Fusion Marketing is a Burlington Ontario based lead generation expert helping local Halton businesses "Get More Leads and Make More Sales" by integrating and automating their classical and internet marketing. Fusing modern marketing, like Social Media, with proven classical techniques yields leads 667% more likely to close a sale. If you'd like to discover how to plan, manage and develop your successful Social Media strategy visit http://SocialFusionFormula.com today.
Article Source: http://EzineArticles.com/?expert=James_Burchill
