The user is responsible for the protection of their own information and must take action to protect their information and applicationsin a cloud environment.
Moving applications and data from personally owned, administrated, and controlled IT infrastructure to a cloud environment, which the user does not own, control or operate, dramatically changes the users viewpoint. This move creates a trust relationship with a unknown party which comes with a third-party commitment and associated risks. This Topic addresses these potential risks and provides insights for users to consider, in particular to the many aspects of security in both environments.
In researching this topic, it is quickly apparent that addressing some security concerns becomes easier in the cloud while others become harder. The converse is also true. Easier or harder can be defined in many ways including, but not limited to, terms like cost, time, effort, space, personnel, operation, control, and change. All these terms apply to both cloud and conventional IT environments in different ways and affect the users viewpoint, culture, and decision-making process. But the most important term to consider is SECURITY. Security really is different in the Cloud. Security is critical not only in complete user knowledge of the current traditional IT environment, but in considering any decision to move to the cloud, the actual transition to the cloud, and continually following the move.
Any cloud provider that claims just move to the cloud and we will take care of everything is not going to be half of a trusted relationship.
Information security within a cloud computing environment (cloud security) is a topic of great interest as cloud computing continues to replace traditional IT computing environments by individuals, companies, and government agencies. While cloud providers offer total package solutions facilitating a move to the cloud, the reality is that the many aspects of cloud security remain the responsibility of the user. In some cases this security responsibility is assisted by the cloud infrastructure, in others security still requires additional measures by the user. In both cases, the user is responsible for the protection of their own information and must take action to protect their information and applications.More background on Cloud Computing is available here.
This topic provides an understanding of cloud security including the similarities and differences between cloud security and conventional IT security, concerns specific to cloud computing, including the decision process resulting in the selection of a trusted cloud provider. The discussions in this topic are intended to provide an initial overview of cloud security for any interested reader, not only technical professionals. It is designed as a quick read for a decision-maker or an involved reader who needs a quick understanding of the cloud security topic at a high level or someone who needs to get topically up-to-speed.