Blog | April 19, 2011

Security in the Cloud

by Jody Vandergriff in Industry Observations

When we talk about security in the cloud, what do we really mean?  Are we referring to a friendly security officer keeping watch over the data?  Or are we referring to protection against hackers on the web?  Or is it security at the application-level, such as user accounts with unique passwords?

The answer to all three of these is a resounding “Yes!” Security can take on many forms and be implemented at different levels. All of these are important and absolutely necessary in order to protect your data. Let’s break down the various types of security in the cloud:

Physical Security

Physical security is the easiest to understand and probably the most self-explanatory. It refers to the security measures taken on-site to protect the actual data center. At the very least, these typically include security guards watching over the facility 24/7, building access restrictions, and video surveillance. The level and volume of these security measures vary by location, but any reputable company will have more than enough security measures to keep your valuable data safe.

Network Security

Network security is a huge field that encompasses everything from intrusion monitoring to firewalls. For instance, firewall policies dictate which ports and services can be accessed from an external network. Firewalls keep unwanted intruders out of your network and authorized network traffic in. However, firewalls alone cannot completely safeguard against viruses, hackers, and other types of undesirable access. A secure network includes sophisticated intrusion monitoring and detection systems that report violations and suspicious network activity in real time.

Application Security

Application security refers to policies implemented within the application to protect your data from unauthorized access. For example, the application’s login mechanism usually requires a unique username and password for each user. Passwords are obviously valuable, so secure applications protect them in multiple ways. On the back-end of the application, encryption methods protect against hacking attempts to retrieve passwords. On the front-end (user interface), password policies often include minimum length requirements or format restrictions and new-password requirements at regular intervals, such as every 90 days. Applications may also limit the number of login attempts to further protect passwords from “guess” attempts. When a user logs in, the application may also assign data access permissions at appropriate levels. For instance, one user may have read-only access while another user can delete data.
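To make those login controls concrete, here is a small Python sketch added as an illustration; it is not code from any particular vendor or product. It assumes salted scrypt hashing (a one-way key-derivation function) as the back-end password protection, and the minimum length, lockout threshold and role names are hypothetical values chosen for the example.

```python
import hashlib, hmac, os
from datetime import timedelta

MIN_LENGTH = 12                  # assumed policy minimum (not from the article)
MAX_AGE = timedelta(days=90)     # rotation interval mentioned in the text
MAX_FAILURES = 5                 # assumed lockout threshold
ROLES = {"viewer": {"read"}, "editor": {"read", "delete"}}  # hypothetical roles


def _derive(password, salt):
    # scrypt is one-way and deliberately slow; the password itself is never stored.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


class Account:
    def __init__(self, password, role, now):
        self.role = role
        self.set_password(password, now)

    def set_password(self, password, now):
        if len(password) < MIN_LENGTH:
            raise ValueError("password shorter than policy minimum")
        self.salt = os.urandom(16)            # fresh random salt per password
        self.digest = _derive(password, self.salt)
        self.changed, self.failures = now, 0  # a reset also clears the lockout

    def login(self, password, now):
        """Return 'ok', 'expired', 'denied' or 'locked'."""
        if self.failures >= MAX_FAILURES:
            return "locked"                   # no further guesses are evaluated
        # compare_digest takes the same time wherever the first mismatch is.
        if not hmac.compare_digest(_derive(password, self.salt), self.digest):
            self.failures += 1
            return "denied"
        self.failures = 0
        return "expired" if now - self.changed > MAX_AGE else "ok"

    def can(self, action):
        # Permission check: a read-only user cannot delete data.
        return action in ROLES[self.role]
```

Once an account is locked, even the correct password is refused until `set_password` is called, which is what stops a guessing run from eventually succeeding.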

Outside of passwords, application security also entails protection against web vulnerabilities. An example of this lies in the encryption used to protect web forms against hacker intrusion. Many web browsers display when a site or a page is secure and encrypted (often with a padlock icon in the browser corner). In today’s internet, security is a critical component of the software development process, and a secure application adds many layers of protection from the ground up.

When considering cloud vendors, don’t be afraid to bring up security — it’s your data, after all, and you deserve to feel confident in their security measures. A good vendor will be able to talk openly about their security measures and will be happy to answer your questions.