MicroPower Systems

In 2008, cloud computing became the buzz topic in the IT community. The opportunity of having access to a “limitless” arena of shared resources and software is attractive to many users and businesses, and the savings on storage, redundancy, and maintenance are noticeable. However, as the technology has grown, so have concerns with how secure the “cloud” actually is.The earliest researchers divided the security issues into three major areas: “Security and Privacy”, “Compliance”, and “Legal and Contractual Issues”. “Security and Privacy” concerns focus on the actual vulnerability of the data, along with business continuity, identity management, and disaster recovery issues. “Compliance” issues deal with the regulations for storing data like credit cards and health information. Finally, “Legal and Contractual Issues” are those which concern liability for data loss, the ownership of intellectual property, and end-of-service terms.The Cloud Security Alliance was formed near the end of 2008 at the ISSA CISO Forum in Las Vegas to attend to these issues. In December 2009, they published the second version of their publication, Guidance for Critical Areas of Focus in Cloud Computing. Meanwhile, developers have been coming up with open-source technologies to deal with some of these issues. Sun Microsystems in particular developed an OpenSolaris VPC Gateway, which creates a secure link to a private cloud in Amazon’s Elastic Compute Cloud. Other tools created by the company include Immutable Service Containers, Security Enhanced Virtual Machine Images, and the Cloud Safety Box, which provides a way for users to compress and encrypt the data in their clouds.Cloud security got a rude awakening in early February when a group of Brazilian hackers called the Red Eye Crew broke into 49 Congressional House sites after Obama’s State of the Union. This has raised concerns about the government’s use of cloud computing, although others maintain that this was an exceptional case.