Cloud computing is changing the way companies consume technology and computing solutions. It is a new paradigm that allows us to offer computer services through the Internet. Those offered are shared by groups of users and provided by an infrastructure that can be scaled to serve an hour-by-hour changing demand.
Among the most attractive advantages of cloud computing is that it can help companies explore or launch a new business service by minimizing investment in infrastructure and management.
But although many companies are running all kinds of applications in the cloud, many others still do not dare because they fear for the security of their data in that environment. "The essential difference between cloud and non-cloud applications is that in the cloud security responsibilities are divided between users and providers, while in the traditional model all the responsibility is on the user," says Ariel Waissbein, director of CoreLabs at the respected Argentine firm Core Security Technologies. For him, another interesting aspect of the cloud is that it allows a young company to transfer the risk of some threats to the provider of this service and, in addition, to do it in such a way that the costs can scale in relation to the use.
By accessing these services, the user who administers the account consents to the conditions through an SLA (service level agreement) that specifies the conditions under which the information is stored and processed on the platform being used. "These conditions are a critical factor in ensuring their safety. Data centers are high-power servers where virtual servers are hosted. This implies that traditional protection for the server is not enough, it is also necessary to protect the infrastructure through security tools at the platform level, "says Gabriel Clabosa, coordinator of Small and Medium Enterprises at Trend Micro.
In any case, we must bear in mind that if security is a determining factor for a company, you can always start by acquiring a basic infrastructure service, which will allow you to maintain greater control over the components of the service. "Services can also be contracted on a temporary basis or you can start migrating applications of low criticality, either to free up resources of own infrastructure or to cover elastic demand requirements," says Mariano Grinfeld, technical consultant at BMC Software.
Among the precautions to be taken when companies are in the cloud, Jorge Mieres, Malware analyst at Kaspersky Lab, explains that security measures should always be adopted at the highest possible level to minimize the chances of success of an attack. To achieve this, it is necessary to study in depth the security capabilities offered by the provider in each of its layers depending on the cloud computing model used. "Two other important factors are, on the one hand, the possibility of auditing the cloud provider on the security controls they apply to the company's assets; and on the other, the privacy of the information, since depending on the legislation in force in the country from which the service is offered, there is the possibility that for some reason of a legal nature it is required to share the data, for example, with the government, "adds Mieres.
Before you go up to the cloud
The security companies consulted by La Nación offer some tips to keep in mind before migrating to the cloud computing model. "Companies implementing cloud technologies must carefully analyze what kind of information they will process or store with these types of technologies, as well as the level of criticality of this data. In many situations, companies decide to hire cloud services to manage non-critical processes of the organization. It is also important to identify which processes in the organization can be improved with this type of service," suggests Clabosa.
According to Grinfeld, cloud computing is a paradigm aimed at lowering costs, improving the ability to deploy services and maintaining reliability in the business service. "If for some reason a company can't articulate, in concrete terms, at least one of these three claims may be that cloud computing isn't in the best interest of this company," Grinfeld says.
Referring to services in a public or hybrid cloud, the BMC executive clarified that it is important to overcome the natural resistance of computer security and justify, for the business, in economic and operational terms, the reasons for moving a service to the cloud. Another tip from Grinfeld is to find the service provider that satisfies the company. "If none of the offers on the market inspire enough confidence in them, they should not rush. They should talk to suppliers," he advises.
For those companies that want to get on this trend, but are not yet encouraged to do so, Mieres says: "Although in cloud computing security will be offered by the service provider, it is always good to protect the information through encryption algorithms, in such a way that the data travels completely safely, guaranteeing that security is on both the provider's side and the customer's side. In addition, it is advisable to study the terms of service very well, especially if it is companies such as SMEs and free cloud programs."
It is probably easy to find projects for which it is more efficient to run them from the cloud, but it is necessary for companies to make informed decisions, and for that it can be useful for them to approach a cloud service, use it and experiment with them. Many providers such as Amazon Web Services (AWS) or Google AppEngine have an interesting offer of free services for this purpose. "An interesting and useful experiment can be running the corporate website – or some website – from AWS. On the one hand, this will give them a basic knowledge about how this service works by taking advantage of Amazon's free offer, and on the other, it can give the company a solution to an eventual power outage or failure in its servers, "says Waissbein.
Source: La Nación
Leave your comment