August 01, 2012
Recent cloud computing surveys share a similar tone regarding user perceptions of the technology. While enterprise managers look to cloud as a cost-savings measure, IT professionals are squeamish when it comes to moving sensitive data offsite. Indeed, privacy concerns are leading users to think twice about migrating their applications to cloud services.
Eosensa, a governance, risk and compliance advisory service provider, addresses these issues in a recent report: "Protecting Sensitive Data in the Cloud."
The authors discuss how various methods of encryption and tokenization can better secure information stored in public clouds. For example, the FIPS 140-2 spec, described by NIST as a strong encryption type, is required for products that use government encryption and is suggested for use on data stored in SaaS applications.
Tokenization is another form of data security that is aimed at answering residency issues, which arise when servers store only a portion of the data. The technique is used to reduce the scope of compliance management and auditing for SaaS applications.
Will these solutions convince potential users of cloud services that their data is safe? What about the preying eye of government?
Earlier this year, HPC in the Cloud wrote about a report published by international law firm Hogan Lovells. The study compared the laws of 10 countries in respect to government access of cloud-based data. While the US was typically considered the worst offender of data privacy, other countries had implemented similar, and in some cases, harsher tactics. These nations included the United Kingdom, Germany, France, Spain, Australia, Canada and Japan among others.
In every case, the state could require cloud service providers to disclose customer data during the course of a government investigation. They also had access to monitor electronic communications sent through a cloud provider's systems. France stood out for its power to compel encryption service providers to hand keys over to government officials.
While services like Eosensa may assist users with data encryption and compliance requirements, they cannot guarantee a risk-free environment. Their service may even lead users to experience a false sense of security, at least as far as government interception is concerned.
Encryption and tokenization are important methods to increase data privacy, but governments hold the highest authority on the matter. Without new legislation reducing the power of government access to cloud-based data, no vendor can guarantee the security of their clients' information.
Large-scale, worldwide scientific initiatives rely on some cloud-based system to both coordinate efforts and manage computational efforts at peak times that cannot be contained within the combined in-house HPC resources. Last week at Google I/O, Brookhaven National Lab’s Sergey Panitkin discussed the role of the Google Compute Engine in providing computational support to ATLAS, a detector of high-energy particles at the Large Hadron Collider (LHC).
Frank Ding, engineering analysis & technical computing manager at Simpson Strong-Tie, discussed the advantages of utilizing the cloud for occasional scientific computing, identified the obstacles to doing so, and proposed workarounds to some of those obstacles.
The private industry least likely to adopt public cloud services for data storage are financial institutions. Holding the most sensitive and heavily-regulated of data types, personal financial information, banks and similar institutions are mostly moving towards private cloud services – and doing so at great cost.
05/10/2013 | Cleversafe, Cray, DDN, NetApp, & Panasas | From Wall Street to Hollywood, drug discovery to homeland security, companies and organizations of all sizes and stripes are coming face to face with the challenges – and opportunities – afforded by Big Data. Before anyone can utilize these extraordinary data repositories, however, they must first harness and manage their data stores, and do so utilizing technologies that underscore affordability, security, and scalability.
04/02/2012 | AMD | Developers today are just beginning to explore the potential of heterogeneous computing, but the potential for this new paradigm is huge. This brief article reviews how the technology might impact a range of application development areas, including client experiences and cloud-based data management. As platforms like OpenCL continue to evolve, the benefits of heterogeneous computing will become even more accessible. Use this quick article to jump-start your own thinking on heterogeneous computing.