Cloud Computing and Data Security: Know the Risks

Some enterprises now consider cloud computing to be the next-best thing to sliced bread. But Jeff Kalwerisky chief security evangelist of Alpha Software, sees the benefits as well as the hype. As an expert in information security and risk management for more than two decades, Kalwerisky has worked for many Fortune 100 companies and sees some security risks that could expose company data in the cloud architecture.

“The devil is in the details,” says Kalwerisky, who advises exploring security risks from all angles. Data security needs to be measured according to the classic model he calls “CIA”: confidentiality, integrity, and availability.

Users walk into the cloud expecting that some basic needs will be met. “Users want to be sure their data is confidential and kept private at all times,” he says. Users also expect data integrity and accuracy; data needs to be updated with the most current version available 24/7, he says. But that is not always the case. “Even Amazon went down for 4 hours last February. For big companies, it’s a nuisance, but for smaller companies, it’s a big loss of business.” And what happens when the cloud computing company has a hardware or software malfunction or fire? The big question is accountability, he says: “Which throat do you choke if it’s not working?” He suggests making sure data is stored in at least two different places for safekeeping and future accessibility.

For anyone who is contemplating using the cloud, Kalwerisky suggests that customers ask a few questions before signing on the dotted line. Know your vendor and what software/hardware is being used and what security precautions are in place. Data is usually at risk when it’s in transit. So make sure data is encrypted at all phases. Even if someone should intercept data while it’s in transit on the web,…