How to Deal With Apps Security in Cloud?

Contrary to popular belief, moving applications to the cloud won’t make your application security responsibilities disappear. Security is definitely a concern, but all is not under a cloud (so to speak), and there are some silver linings even to this threat. As Srikanth Karnakota, Director – Server and Cloud Business, Microsoft India, says, “With more and more organizations adopting cloud applications to unlock competitive advantages, a unique set of security concerns regarding visibility, control and protection of critical company data has surfaced.”

Apps in the Cloud should be secured via well-known best practices such as choosing secure passwords, encrypting communications across machines, SQL injection prevention, etc. “A good Chief Security Officer can put together an effective security plan. If your company cannot afford the services of a full-time CSO, there are companies (such as Ness) that sell CSO-as-a-service, i.e., they will take responsibility for managing your company’s online security,” says Moshe Kranc, Chief Technology Officer, Ness Software Engineering Services (SES).

Is data security in cloud a challenge?

There is no doubt that maintaining security and privacy of data on the cloud is a primary challenge. As Atul Batra, CTO – Manthan Systems, adds, “Security and data privacy associated with putting data on the cloud is one of the largest perceived risks associated with running analytics on the cloud. But, much to the contrary, cloud can in fact be a catalyst for better security, and provide a more secure environment compared to running your own private data center and applications. For example, public clouds today have the highest level of Industry certifications and compliances which will be hard to match by privately owned infrastructure. Cloud based Analytics applications today adhere to the most hardened security and data privacy practices.”

However, it is not so simple in real-life usage. Says Garima Rai, Head of Marketing, Inside View technologies, “Candidly speaking, this is an area that needs to be dealt with more carefully and holistically. There are preventive measures in place but a fool-proof solution that guarantees 100% security is something I would look forward to in the near future. However, security and privacy risks can be minimized to a great extent by use of data encryption and back-up, better SLAs from cloud service providers, and due diligence from users.”

Moshe Kranc adds, “Yes – see the current headlines about the Panamanian bank leaks. Hackers are smart, and they have business plans that attract them to high-value data. So, if you have confidential or sensitive data, the public Cloud may not be the place for it. In some industries, e.g., banking, you may also face regulation that forbids putting unmasked customer data in the Cloud.”

Batra has recommendations about the security cover for analytics apps. In his opinion, the best way to deal with them is on multiple levels and as a combination of several strategies. As far as infrastructure security is concerned, “Public cloud providers such as AWS, Microsoft Azure, etc., have highly secure cloud data centres that conform to the most comprehensive industry practices, standards and certifications. Further, with the usage of Virtual Private Clouds (VPCs), customer specific deployments have the option of running inside a fully isolated and secure environment, that further partitions the application architecture into private and public sub-nets governed by access control lists, security groups, etc., that provide a highly secure and encrypted environment for running analytics,” he says.

For applications on the cloud to be secure, the best way forward is to adhere to stringent penetration testing and security industry best practices and rules. “Access to the application is provided via secure SSL transport. Identity and access control can be governed by integrating application access to existing corporate identity management systems like Active Directory (AD) and LDAP,” Batra adds.

While data security anywhere is a challenge, on the cloud this challenge takes on bigger proportions. Compliance, however, could ensure a fair fight. “There are a number of industry compliances and certifications that are adhered to by cloud infrastructure and applications running on top of it, including but not limited to ISECOM’s Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP), U.S. National Security Agency (NSA), and ISO 27001 Information Security Standards,” says Batra. “At Manthan, data is secured both at rest and in motion, using the highest level of industry encryption including AES-256 as well as usage of SSL for transport.”

So data security is certainly a challenge to mitigate. But as Garima Rai says, “… when it comes to trusting regulated content to cloud-based apps there are genuine concerns that need to be resolved at priority. Until we have a fool-proof solution to this challenge it’s crucial to have a cloud adoption plan that classifies data and ensures judicious use of both private and public cloud. Choosing a trusted cloud partner is also a key factor.”

 
