Tonight I was reading on the challenges of cloud computing. I’m not sure how these “security issues” with the data center cloud get blown into these kinds of issues.
The first issue is that cloud providers place several customers’ data on the same physical machine, and security policy may require that the information be kept separate. First, this is the very nature of how the cloud works. If you insist on having a dedicated physical machine, don’t use the cloud; it’s that simple.
Next thing is to get over the idea that somehow the cloud virtual machines are different functionally than a dedicated server. Just because the virtuals share a physical machine doesn’t mean they can interact with each other any more than physically separate machines do, nor can they access storage other than what belongs to them.
The second issue is that, because the virtual machines can be dynamically moved between hosts in the cloud, you can’t know where your data physically is stored. In the case of our own cloud, regardless of what host is running the virtual, the data is always stored in the same physical location. The virtual may move but the storage for it doesn’t.
Of course, wherever the virtual machine storage is, the data center cloud operations people could certainly physically lay hands on it (it’s not like it drops into a black hole). As with the first issue, if the data needs to be where you can personally lay your hands on the physical device containing it, don’t use the cloud, period.
The end result of this is that, if you require your virtual machine to run by itself on a dedicated piece of hardware, or if you require your own direct control over the physical host server’s virtual network switch to enforce your own policies, then the cloud isn’t the place for you. It’s more important to know what the cloud shouldn’t be used for, and nuclear-code-grade security is one of those things.
For the rest of us, keep the virtual machine’s software versions up to date and follow good system admin practices and you won’t have to worry about cloud security.
Vern, SwiftWater Telecom