Cloud computing is changing the way business network designs and infrastructures are built. It refers to applications offered as services via the Internet, as well as the hardware and system software used in data centres to deliver those services. The services themselves have long been referred to as Software as a Service (SaaS), which has its roots in Software-Oriented Architecture (SOA) principles that first appeared on business network roadmaps in the early 2000s. Other types of cloud computing services accessible to corporate clients include IaaS (Infrastructure as a Service) and PaaS (Platform as a Service).

Cloud computing promotes the concept of computing as a utility that can be used on demand by companies in a way similar to other traditional utility services (e.g., electricity, municipal water). It has the potential to alter much of the IT sector by offering organisations the choice of running business software programmes entirely on-premises, entirely in “the cloud,” or a hybrid of the two. These are options that organisations did not have until recently, and many are still adjusting to the new computer landscape.

Any computing infrastructure must be secure. Companies go to considerable pains to safeguard on-premises computing systems, so it should come as no surprise that security is a key issue when augmenting or replacing on-premises systems with cloud services. Often, addressing security issues is a requirement for future conversations about moving a portion or all of an organization’s computer architecture to the cloud.

Another important issue is availability: “How will we function if we can’t connect to the Internet?” “What if our clients can’t access the cloud to place orders?” is a frequently asked question.

In general, such concerns arise primarily when organisations consider shifting core transaction processing, such as ERP systems, and other mission essential applications to the cloud. Companies have typically been less concerned about moving high-maintenance systems such as e-mail and payroll to cloud service providers, despite the fact that such programmes include sensitive data.

Some key Issues and concerns about security!

Many organisations, especially those that must comply with the Sarbanes-Oxley and/or Health and Human Services Health Portability and Accountability Act (HIPAA) are concerned about auditability.

The auditor’s capabilities must guarantee that your data is stored on site or migrated to the cloud. In advance, organisations should take care both in the cloud and inside before shifting key infrastructure to the cloud. Many of the security problems connected with securing clouds against external attacks are similar to those facing central data centres conventionally. In the cloud, however, users, suppliers and any third-party companies that utilise security-sensitive software or configurations often have responsibilities for ensuring appropriate security. Cloud users are responsible for application-level security.

Physical security and some software security, such as external firewall policies, are the responsibility of Cloud suppliers. Safety is shared by users and providers for the mid-layers of the software stack. A security issue that organisations that explore moving to the cloud might overlook is the danger of sharing vendor resources with other cloud customers. Cloud providers must defend each other from theft or denial of service attacks by their users and users.

Virtualization can serve as a strong tool to manage these possible dangers, since it shields consumers or the provider’s infrastructure from most efforts. All resources, however, are not virtualized and not every virtualization environment is bug-free. Incorrect virtualization may enable user code access to critical areas or resources of the provider’s infrastructure. Again, these security problems are not cloud-specific and comparable to those associated with non-cloud data centre management where various applications must be safeguarded. The extent to which subscribers are safeguarded from the supplier, particularly in the case of accidental data loss, should also be an issue of safety that companies should address. For example, what happens to retired or replacement hardware as provider infrastructure improves? It is simple to envision that a disc is removed without cleaning the subscriber data correctly. It is also easy to envision permission vulnerabilities or bugs that would allow unauthorised people to view subscriber data. Encryption at user level may be an essential subscriber self-help option, but firms should verify that additional protective systems are in place to prevent unintentional data loss.

Cyber Security Concerns and NIST framework

Many models, guidelines and acts have been created to advise businesses through cloud computing security problems. In these areas even NIST has chimed in and recommendations of NIST systematic considerations include Software for the Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service for all key cloud services utilised by enterprises (PaaS). While security risks may differ depending on the kind of cloud service, NIST Cyber Security Framework suggest following:

No wonder NIST advises that we pick cloud providers that enable strong encryption, have enough redundancy measures in place, use authentication procedures and give users with sufficient visibility into techniques used for protecting users from other subscribers and providers.

As more companies integrate cloud services into their network infrastructures, the problem of cloud computing security remains essential. Examples of cloud computing security defects may have a chilling impact on the commercial interest of cloud services and inspire service providers to seriously incorporate security methods which will alleviate their concerns. Some of the service providers have transferred their operations to Tier 4 data centres to meet users’ availability and redundancy concerns. As a number of companies are reluctant to use cloud computing to a large degree, cloud service providers will have to work harder and persuade potential clients to safely and securely shift computing support for key business processes and mission-critical applications into the cloud.

In conclusion, it is great to follow the NIST recommendation and other security measures to protect your digital asset, computers, and cloud infrastructure. Few of them like apply latest security updates, blocking suspicious websites, using strong encryption with data transfer, evaluating cloud provider with considering physical and logical security of servers and systems, think about business continuity and redundancy plan, use to hardware based token or multi factor authentication for identities and resources and refer cloud provider’s security best practices to safeguard your business from potential attacks.