Cloud storage is a model of data storage whereby digital data is stored in logical pools. The physical storage spans multiple servers (and often locations), and the physical environment is typically owned and managed by a hosting company. In this blog we explore the issue of security, which is seen by many organisations as a barrier to using the Cloud for storage.

Cloud Security Issues:

The major security issues are data breaches due to a flaw, data deleted by a malicious hacker or lost in a disaster, traffic hijacking and cloud abuse. Insecure interfaces and APIs can expose an organisation to security issues pertaining to confidentiality, integrity, availability, and accountability. Denial of Service (DoS) outages, insufficient due diligence (which arises when organisations embrace the Cloud without fully understanding it) and shared technology vulnerabilities can also cause serious security issues.

Ensuring Security in the Cloud:

Certificates issued by a PKI facility can be used for enforcing access control in the Web environment. PKI-based Single-Sign-On (SSO) mechanisms are indispensable within a cloud environment, since they provide the means for smooth, transparent and strong authentication across different physical resources. SSO in combination with PKI enhances complexity-free authorisation and authentication processes.

IPsec is an IP-layer protocol that enables the sending and receiving of cryptographically protected packets of any kind (TCP, UDP, ICMP, etc.) without any modification. Server and client authentication and the creation of security domains help reduce security threats. Cryptographic separation of data is achieved using a combination of asymmetric and symmetric cryptography (often referred to as hybrid cryptography), which can offer the efficiency of symmetric cryptography while maintaining the security of asymmetric cryptography.
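The hybrid scheme described above, as an added example that is not code from the original post: bulk data is encrypted under a one-off symmetric key, and that key is wrapped with the data owner's public key, so each tenant's stored objects stay cryptographically separate. The function names, the choice of RSA-OAEP (SHA-256) with AES-256-GCM, and the two-tenant demo are assumptions of this example.

```javascript
const crypto = require('node:crypto');

// RSA-OAEP with SHA-256 for wrapping the data key (parameter choice is this example's).
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Encrypt `data` with a fresh AES-256-GCM key, then wrap that key for the owner.
function seal(ownerPublicKey, data) {
  const dataKey = crypto.randomBytes(32); // symmetric key, used for this object only
  const nonce = crypto.randomBytes(12);   // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt(oaep(ownerPublicKey), dataKey),
    nonce,
    ciphertext,
    tag: cipher.getAuthTag(),             // 16-byte integrity tag
  };
}

// Unwrap the data key with the private key, then verify the tag and decrypt.
// Throws if the key does not match or the stored object was modified.
function open(ownerPrivateKey, env) {
  const dataKey = crypto.privateDecrypt(oaep(ownerPrivateKey), env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, env.nonce);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Constructed demo: two tenants with their own key pairs share one storage pool.
function demo() {
  const newTenant = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const alice = newTenant();
  const bob = newTenant();
  const env = seal(alice.publicKey, Buffer.from('constructed sample record'));
  const fails = (fn) => { try { fn(); return false; } catch { return true; } };
  const tampered = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  tampered.ciphertext[0] ^= 1;            // flip one bit of the stored ciphertext
  return {
    recovered: open(alice.privateKey, env).toString(),
    otherTenantRejected: fails(() => open(bob.privateKey, env)),
    tamperRejected: fails(() => open(alice.privateKey, tampered)),
  };
}

console.log(demo());
```

Only the small data key goes through the slow asymmetric operation; the bulk data is handled entirely by the symmetric cipher.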

A trusted certificate from a Trusted Third Party serves as a reliable electronic “passport” that establishes an entity’s identity, credentials and responsibilities.

Data Ownership:

There are two types of data that are stored in the cloud. The first type is the data that is created by the user before being uploaded to the Cloud and the second is data that is created on the Cloud platform itself. Data that is produced prior to any upload into a cloud platform may be governed by the appropriate copyright laws, depending on the cloud server, while data that is generated after storage brings about a whole new dimension of ownership.

A number of cloud services tend to acquire user data and store it, but do not allow external parties to retrieve all of it after it is provided. For instance, LinkedIn does not permit other services to access all the user data – personal data such as the email address of the user, or their contacts, cannot be retrieved by third-party services through the LinkedIn API.

A number of companies try to remain relevant by preserving all access to the clients’ data to themselves to ensure security and privacy. Depending on which Cloud service you go for, some free services reserve the right to keep user data within their platforms, while others take ownership of only a part of the data uploaded to their servers.
