I have written several times recently about cloud computing (see http://tinyurl.com/yjtadoh). I believe cloud computing is the wave of the future for genealogy record keeping as well as for many, many other purposes. There are many advantages to keeping your data on web servers that are available from anyplace with an Internet connection and that have frequent backups made. Data stored in cloud computing environments may be either private or shared with others, depending upon the preferences of the user and of the programmers who created the particular application that is running in the cloud. Different applications will implement privacy in different ways.
Storing critical data on a cloud computing provider's servers raises several questions. Can the employees of the cloud provider be able to see your data or change it? Can other customers of the cloud provider hack into your data and get access to it? And what about privacy issues and government regulations?
In fact, these are all real possibilities if proper precautions are not taken. System administrators have dealt with many of these issues for years in other environments, but cloud computing raises the concerns even higher than ever before. In the comments sections of some of my previous articles about cloud computing, newsletter readers have voiced legitimate concerns about cloud computing security. Luckily, there are known and proven solutions to these concerns.
The Cloud Security Alliance, a non-profit organization comprised of security and technology experts, published an in-depth 83-page white paper, Security Guidance for Critical Areas of Focus in Cloud Computing in April 2009. This document explores thirteen different issues in depth and provides solutions for each. The thirteen sections include:
- Cloud Computing Architectural Framework
- Governance and Enterprise Risk Management
- Legal and Electronic Discovery
- Compliance and Audit
- Information Lifecycle Management
- Portability and Interoperability
- Traditional Security, Business Continuity, and Disaster Recovery
- Data Center Operations
- Incident Response, Notification, and Remediation
- Application Security
- Encryption and Key Management
- Identity and Access Management
- Virtualization
As you can guess from the above titles, the document tends to be technical and written in typical "white paper" prose. To be blunt, it is rather boring. Nonetheless, it provides a great analysis of the various security problems and their solutions.
As stated in the introduction to this document, "The path to secure cloud computing is surely a long one, requiring the participation of a broad set of stakeholders on a global basis. However, we should happily recognize the progress we are seeing: new cloud security solutions are regularly appearing, enterprises are using our guidance to engage with cloud providers, and a healthy public dialogue over compliance and trust issues has erupted around the world. The most important victory we have achieved is that security professionals are vigorously engaged in securing the future, rather than simply protecting the present."
The white paper also reports, "The cloud provider that implements these types of security measures offers small and medium size enterprises improved security over what they probably have or would set up within their own organization."
If you have a concern about the security of cloud computing, I'd suggest you read Security Guidance for Critical Areas of Focus in Cloud Computing at http://www.cloudsecurityalliance.org/guidance/csaguide.pdf. Then ask your cloud computing provider if they are compliant with the solutions detailed in the white paper.
My thanks to "Oxa" for telling me about this great document in a comment to a previous article.
