Many organizations are looking to leverage cloud computing technology and cloud-based services today, but many have concerns about information security in these environments.

There are good reasons to have concerns, ranging from several high-profile failures and data breaches in the cloud, Amazon experiencing multiple outages in the last two years, and Dropbox admitting a recent security breach.

Security failures

While these security failures and concerns tend to be high profile, stoking fears about cloud security overall, there’s much to be said about new security services and capabilities in the cloud. For example organizations looking to detect and block Distributed Denial-of-Service (DDoS) attacks, new cloud provider companies offer security “in the cloud" that can help mitigate the threat. Traditional security vendors are adapting their products to work in virtual machine formats, and cloud environments randing from firewalls to intrusion detection systems.

"Many organizations are looking to leverage cloud computing technology and cloud-based services today, but many have concerns about information security in these environments."

Other vendors provide centrally-managed host-based security tools for cloud systems, while others — often called Identity-as-a-Service providers, or IDaaS — offer identity and access management services across a plethora of more traditional cloud services.

Promising tools

For organizations building private and hybrid clouds, there are tools available for encrypting entire virtual machines and managing keys internally, with strong role and policy management capabilities. Quite a few specialized virtual firewalls and other virtual appliances are available for products like OpenStack and VMware cloud technologies, too.

Organizations like the Cloud Security Alliance (CSA) are working to provide security controls standards, metrics, and reporting avenues for cloud service provid- ers and their customers alike.

There’s no getting the genie back in the bottle on cloud services. Fortunately, it’s not all “doom and gloom” on the security front, and will only get better with time.