This chapter examines data security in cloud computing along with data protection methods and approaches. Cloud data security involves far more than simply data encryption. As stated in Chapter 4 (Securing the Cloud: Architecture), requirements for data security vary depending on the three service models (SaaS, PaaS, and IaaS), the four deployment models (private through public), as well as on your tolerance for risk (see Chapter 3, Security Concerns, Risk Issues, and Legal Aspects).
Meeting the requirements for cloud data security entails applying existing security techniques and following sound security practices. To be effective, cloud data security depends on more than simply applying appropriate countermeasures. Taken collectively, countermeasures must comprise a resilient mosaic that protects data at rest as well as data in motion.
While the use of encryption is a key component for cloud security, even the most robust encryption is pointless if the keys are exposed or if encryption endpoints are insecure. Customer or tenant control over these endpoints will vary depending on the service model and the deployment model.
OVERVIEW OF DATA SECURITY IN CLOUD COMPUTING
It is understandable that prospective cloud adopters would have security concerns around storing and processing sensitive data in a public, hybrid, or even a community cloud. Compared to a private data center, these concerns usually center on two areas:
- Decreased control by the owning organization when data is no longer managed within an organization's premises
- Concern by the owning organization that multitenant clouds inherently pose risks to sensitive data
In both cases, the potential risk of data exposure is real but not fundamentally new. This is not to say that cloud computing does not bring unique challenges to data security.