Is data security a concern when storing data on the cloud?

karan vora "student"
Sep 15, 2021

Introduction: -

Cloud computing is important not only in business but also in day-to-day life. It is safer and more reliable. Cloud computing has helped small and medium-sized enterprises because it is efficient and affordable. Running your own infrastructure is not easy, as it involves a lot of maintenance and cost. Cloud vendors provide the infrastructure, with a smooth structure that is also easy to set up. They offer three types of services: SaaS, PaaS, and IaaS. With cloud computing it is easy to scale resources up and down, and you pay only for the resources you have used.

Can sensitive data be stored on the public cloud? The major concern in adopting the cloud for data is security and privacy. An enterprise needs to maintain data integrity and protect the data. Security of data is important, as any breach can lead to the loss of assets. Large enterprises still use the traditional method to store sensitive data, because it stays on-premises and is not shared publicly.

Risks and Concerns in the cloud: -

Virtualization: -

Cloud computing enables you to virtualize your resources and access them from anywhere, but it carries risks around the allocation and de-allocation of resources and the compromise of the hypervisor.

Multitenancy: -

Cloud computing enables shared access. A single failure in a system can expose all the user data, and because the data is stored centrally it is also a target for hackers. A slight breach can cause data exposure.

Security Challenges in the cloud: -

1. Malicious internal attack from management

2. Insecure or incomplete data deletion

3. Lack of appropriate governance

4. Lock-in

5. Isolation failure

6. Data interception

7. Compromise of the management interface

Types of Data: -

Data at rest

The data that is stored on the cloud is known as data at rest. This type of data can be secured by using a virtual private cloud or hashing depending on the type and use of the data. Data at rest includes both backup data as well as live data.

Data in transit

Data that is being transferred over the internet is known as data in transit. During the transfer there is a chance of the data being intercepted. The data can be eavesdropped on and it can also be changed. The best strategy to ensure security is to encrypt the data.

Fig 1: — Types of data

Confidentiality and integrity of data depend on the nature of the data protection techniques, procedures and processes used.

Protection methods

1. Encryption

Different types of encryption are used for data in transit and data at rest, because data at rest can stay for a longer period whereas data in transit exists for a shorter period.

Types of Encryption

1. Block cipher: in this method a block of text is encrypted.

2. Stream cipher: encryption is done bit by bit. It is faster than a block cipher but vulnerable to serious security issues.

3. Hash function: this method transforms the data one way, so the result cannot be decrypted. It is used to store passwords.

2. Multi-factor authentication (MFA)

Fig 2: — Multi-Factor Authentication

When multi-factor authentication is implemented, the user needs to provide two or more credentials to gain access to the resources. It is a component of identity and access management. In AWS, when multi-factor authentication is implemented, the user needs to provide the password as well as the OTP to gain access to the cloud console. Using multi-factor authentication adds an extra layer of protection to the cloud.
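The password-plus-OTP check described above, together with the one-way hashing used to store the password, as an added example that is not code from the original article or from AWS. It uses only the Python standard library; the record layout, function names and the PBKDF2 work factor are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import struct
import time

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune to your hardware

def hash_password(password, salt=None):
    """Return (salt, digest): a salted one-way hash suitable for storage."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def totp(secret, at, step=30, digits=6):
    """Time-based one-time password (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def enroll(password):
    """Create the stored record (hypothetical layout): no plaintext is kept."""
    salt, digest = hash_password(password)
    return {"salt": salt, "pw_hash": digest, "totp_secret": secrets.token_bytes(20)}

def login(record, password, otp, now=None, drift=1):
    """Grant access only if BOTH the password and the OTP are correct."""
    now = time.time() if now is None else now
    _, digest = hash_password(password, record["salt"])
    pw_ok = hmac.compare_digest(digest, record["pw_hash"])
    # Accept the current 30 s step plus `drift` steps either side for clock skew.
    otp_ok = False
    for d in range(-drift, drift + 1):
        expected = totp(record["totp_secret"], now + d * 30)
        otp_ok |= hmac.compare_digest(expected.encode(), otp.encode())
    return pw_ok and otp_ok

if __name__ == "__main__":
    user = enroll("correct horse battery staple")  # constructed sample
    t = 1_700_000_000
    code = totp(user["totp_secret"], t)
    print(login(user, "correct horse battery staple", code, now=t))
    print(login(user, "wrong password", code, now=t))
```

Both comparisons use `hmac.compare_digest` so that the time taken does not reveal how many leading characters matched.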

3. Access Management

Fig 3: — Access Management

Limiting users' access is also one of the important measures to protect the data. When access is limited, only the users that have permission can access or view the data. An access policy can be set so that the data is protected.

Access management can be done using various methods: -

1. Using strong passwords

2. Using salted passwords

3. CAPTCHA during registration

4. Unique token

5. Lowest timeout for inactive sessions

6. Server-side authentication for sensitive data transfer

7. Validating messages in the backend to avoid replay attacks
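One way to implement the backend message validation from item 7, combined with the unique token from item 4 and a short validity window, as an added example that is not code from the original article. The envelope format, the `Backend` class and the 60-second window are assumptions; the key is a shared secret constructed for the demo.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE = 60  # seconds a signed message stays valid (assumed value)

def sign_message(key, body, now=None):
    """Client side: wrap the body with a timestamp and a unique token (nonce)."""
    ts = int(time.time() if now is None else now)
    payload = json.dumps({"body": body, "ts": ts, "nonce": secrets.token_hex(16)},
                         sort_keys=True, separators=(",", ":"))
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "mac": mac}

class Backend:
    """Server side: verify integrity, freshness and one-time use, in that order."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> message timestamp

    def accept(self, envelope, now=None):
        now = time.time() if now is None else now
        payload = str(envelope.get("payload", ""))
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        supplied = str(envelope.get("mac", ""))
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "bad-mac"   # forged or modified in transit
        msg = json.loads(payload)  # parsed only after the MAC checks out
        if abs(now - msg["ts"]) > MAX_AGE:
            return "stale"     # outside the acceptance window
        # Nonces outside the window can be dropped: those messages are stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_AGE}
        if msg["nonce"] in self.seen:
            return "replay"    # same valid message presented twice
        self.seen[msg["nonce"]] = msg["ts"]
        return "ok"

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # shared secret, constructed for the demo
    server = Backend(key)
    env = sign_message(key, {"action": "transfer", "amount": 10})
    print(server.accept(env))  # first delivery
    print(server.accept(env))  # captured copy sent again
```

Because the timestamp bounds how long a nonce must be remembered, the server's nonce store stays small; a MAC alone would not stop a captured message from being sent again.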

4. Secure backend services and platform

1. Implement protected backend APIs or facilities

2. Secure data allocation between the cloud and web-server back-ends and other external interfaces

3. Server and infrastructure hardening

4. Maintain and monitor application server logs

5. Access control for cloud platform

5. Virtual Private Cloud (VPC)

It is a virtually hosted cloud environment like a public cloud, but the difference is that there is a firewall between the enterprise and the cloud. Only the allowed members, i.e. allowed IP addresses, can access this cloud. This kind of environment can be set up by using a virtual private network.

Fig 4: -Virtual private cloud architecture

Conclusion: -

We can securely store data on the cloud by implementing data security measures such as encryption, multi-factor authentication, access management, securing the backend, and implementing a virtual private cloud. We can also transfer data securely over the cloud by implementing proper encryption.



karan vora "student"

Pursuing B.Tech in Cloud Technology and Information Security from Ajeenkya DY Patil University