CLOUD SECURITY CONCERNS
As organizations seek the cost savings, elasticity, and scalability afforded by the Cloud, data privacy concerns escalate.
Virtualization – the foundation of most Cloud architecture – introduces new and different cloud security concerns than those that existed in a private datacenter, including:
- Application Co-Mingling: Applications are no longer segmented by physical hardware, so data from different departments or even different companies can now reside on the same physical machine and be comingled in storage.
- Mobility: Virtual machines are by nature mobile. They are provisioned and re-provisioned as needed, and can leave a trail of data behind them through virtual machine image files, snapshots and other backup methods.
- Misconfiguration: Many studies have shown that simple user error or system misconfiguration is often more likely to expose sensitive data or leave it more vulnerable to malicious attacks. When entrusting data to a cloud service provider, is an SLA enough?
- Richer Targets: As cloud service providers grow their businesses, they become richer data targets for attacks.
- Regulatory compliance: Data privacy regulations like HIPAA/HITECH and PCI continue to evolve, with new and emerging requirements for virtualized environments. Organizations need to consider how they maintain compliance as they move to the Cloud.
- Breach Notification: As regulations get tighter, more and more states and countries are executing breach notification laws. Costs of notification are escalating, including notification, credit reporting for those affected, bad PR, and ultimately, loss of customer trust.