Customers who implement cloud solutions are concerned about the security of their data on the cloud. The top major providers where customers upload the data are Facebook, Youtube, Google drive, Dropbox, Microsoft Skydrive, etc.
The concern is not only about who can access their private data, the concern is also if these service providers sell their personal data to someone else.
Security is a major impediment in a large scale implementation of the cloud, irrespective of the model, SaaS, PaaS, IaaS. Cloud providers are aware of this and in response are working towards strengthening the security of their offerings.
The 4 major areas which Cloud service provders should consider are:
1. Confidentiality
If a customer uploads his/her data on the cloud, the cloud service provider should not be able to see the data. This can be achieved by encrypting the data. Encryption can be done by the customer before uploading the data or can use the encryption services of the service provider.
Encryption is just some assurance that no one except for key holders can have access to the uploaded data.
2. Integrity:
Integrity means maintaining and assuring the accuracy of the uploaded data. The data should not be tampered with and should be preserved in its original form. The service providers should ensure the data communication and data storage are well guarded against attacks. Implementing HTTPS or any other type of robust security measure would help build trust amongst the customers about the service providers.
3. Availability:
The service provider should ensure the data that is uploaded is always available for the customer to use. This can be implemented by having backup servers and ensuring backup is done at a regular frequency. Thus in case of a calamity where 1 online system is down the other can take over and provide the necessary data to the users. The service provider should use robust infrastructure so that any disastorous event does not have any effect on the provided service.
4. Mutual Auditability:
The customer should be able to verify the actions that are carried out on his/her data. The customer should be able to verify that the actions carried out on the data are by him/her only and the service provider has not completed any action on customers’ behalf. Each data revision should be digitally signed by the customer so that the any activity on the data by the service provider will be highlighted.
Ensuring these key areas are implemented, the service provider can imbibe trust in its customers to upload the data. Also, the customers can then be willing to use the services of the cloud service provider.