Information Assurance in Cloud Computing

Computer storage has seen a major overhaul in recent years with the development of cloud-based storage technology. An emerging technology with a number of different applications, the global move to cloud computing stands to significantly affect the way we access and share data across multiple devices.

Where collaboration across multiple devices previously required manual uploading and tracking of new file versions, server-side storage allows multiple users to access their files from nearly any device connected to the Internet. No longer limited by what is or is not stored on an individual computer, cloud computing keeps users in sync with each other and up-to-date in terms of both individual files and cloud-based applications.

The movement to online storage does carry inherent risks, however. On-demand access to files that are stored on distant servers requires file transmission over the Internet, without the protection of an individual or enterprise firewall system. Cloud-based applications, where complete programs are stored on servers and streamed to individual computers as needed, present additional challenges.

While there are significant advantages to a cloud-based application in facilitating access for all users to a single, updated software version, the question arises as to the consequences if security of this server-based program is compromised. In a case where a business is wholly dependent upon access to a program, a bugged or otherwise negatively affected program file could trickle down to all users in the company.

A safe and secure data storage environment can, however, be obtained despite the increased level of risk in cloud computing. Developed cloud computing services are well equipped to address concerns as they arise, and in some cases services can handle security issues more effectively than the organizations whose data they host.

With the inherent security risks of online storage systems, businesses face an apparent need to hire dedicated teams of information security professionals. Information assurance at the cloud level, however, has the added benefit of encouraging security management by the providers of cloud services. While this places greater responsibility on service providers, it also frees up resources for businesses to direct efforts of in-house IT personnel elsewhere.

Providers of cloud-based applications are also well positioned to handle the inherent risks of compromised software. Software with unforeseen security exploits is nothing new, and prior to the advent of cloud computing, organizations were required to patch each instance of their applications as flaws became apparent. A cloud-based storage solution allows businesses to delegate responsibility for upgrades to a team of focused professionals, all but eliminating the need for organizations to keep track of software versions.

It may be the case that hosting an application or desktop environment “in the cloud” constitutes a risk in itself, but if an information assurance team can respond more quickly and effectively at the server level than could hosted organizations, we may still see a net benefit in cloud software usage. What we see in these cases is a shift in responsibility for information assurance from organizations to cloud computing providers.

There certainly are inherent security risks to an increasingly online storage system, but in many cases the providers of these systems are in a position to address any concerns. With this shift in responsibility in mind, it becomes crucial for businesses to research their providers with care. Cloud computing providers must have sufficient information assurance policies and personnel in place to handle the risks of online data storage, including well documented and implemented best practices and “disaster response” plans.

As cloud computing continues to develop, so too will the sophistication of hacking attempts. Information assurance is and will remain a highly important feature of any organization’s data security system.