Official website for Linux User & Developer
Jul 20

Is the Cloud without risks?

by Christian Baun

Lots of people fear the cloud because of security and privacy concerns. Christian Baun asks if it’s safe to use cloud services and offers nine common-sense tips for saving your data on and around cloud services…

This article originally appeared in issue 89 of Linux User & Developer magazine.

Think about migrating your data and services into the cloud. Does this sound dangerous to you? Think about the horror stories: all your data is lost and the services are not available. Fairy tales, you might think.

In February 2008 Amazon S3 crashed and the whole of Amazon S3 stopped for a few hours. In March 2009 a bug in Google Docs allowed unintended access to some private documents. Some people with cloud concerns ask, “What if my documents, stored by the provider of the web office (eg Google Docs), are lost?” Different question: what if your laptop is stolen or your hard disk crashes? Whether or not you are using cloud services, it’s always good advice to have a backup of your data.

The tools and best practices to secure your data and improve the level of availability of your services are the same as when using non-cloud services:

1. The data inside your virtual infrastructure in a cloud IaaS can be secured by storing it inside TrueCrypt (www.truecrypt.org) containers.
2. Data transfer between you and your cloud services should be secured via SSH.
3. If you want to migrate your complete IT infrastructure into EC2, or a similar IaaS such as Rackspace (www.rackspace.com) or GoGrid (www.gogrid.com), it’s good advice to make the important services redundant. It’s easy to start more machines and use virtual load balancers.
4. Keep your data redundant too. Storage in the cloud can be combined into a virtual RAID 1 to improve the level of availability.
5. Try to keep your virtual machines secure, the same as you would do at home. Have the latest security patches installed. Use an up-to-date kernel. Keep the ports closed and stop the internet services you don’t really need.
6. When using a cloud platform (PaaS), back up your source code locally and keep it. This way you can run your software somewhere else at any time.
7. Have a (local) backup of your important data.
8. When using existing images inside an IaaS, check who built the image. Is the image from a trustworthy source (eg the provider of the IaaS services)? Otherwise, a rootkit or backdoor could be installed.
9. Keep your credentials (access key and secret access key) secure – otherwise anybody could utilise cloud resources and you would have to pay for them.
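
As an added example for tip 9 (not part of the original article): a small Python audit that walks a directory tree, such as source code about to be pushed to a PaaS or a home directory on a virtual machine, and reports files holding an access key or secret access key and whether other users can read them. The AWS-style key formats and the file names are assumptions; the sample tree is constructed and uses the example key pair from AWS's documentation.

```python
import re
import stat
import tempfile
from pathlib import Path

# Assumed formats: long-term AWS access key IDs are "AKIA" + 16 uppercase
# letters/digits; secret access keys are 40 characters from [A-Za-z0-9/+].
ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
SECRET_RE = re.compile(
    r"secret[^\n]*?[=:]\s*['\"]?[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])", re.I)

def audit_tree(root):
    """Return sorted (relative path, issue) pairs for credential exposure."""
    findings = []
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or ".git" in rel.parts:
            continue  # skip directories and version-control internals
        text = path.read_text(errors="ignore")
        mode = stat.S_IMODE(path.stat().st_mode)
        hits = []
        if ACCESS_KEY_RE.search(text):
            hits.append("access key id")
        if SECRET_RE.search(text):
            hits.append("secret access key")
        if hits and mode & 0o077:  # any group/other permission bit set
            hits.append("readable by group/others (mode %o)" % mode)
        findings.extend((rel.as_posix(), h) for h in hits)
    return sorted(findings)

def build_sample_tree():
    """Constructed sample tree; the keys are AWS's documentation examples."""
    root = Path(tempfile.mkdtemp())
    creds = ("aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
             "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
    samples = {
        "app/settings.py": ("KEY = 'AKIAIOSFODNN7EXAMPLE'\n", 0o644),
        "home/.boto": (creds, 0o600),
        "app/main.py": ("print('no secrets here')\n", 0o644),
    }
    for rel, (body, mode) in samples.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
        path.chmod(mode)
    return root

if __name__ == "__main__":
    for rel, issue in audit_tree(build_sample_tree()):
        print(f"{rel}: {issue}")
```

A key embedded in source code is reported even when the file permissions are tight, because the code itself gets copied to the platform; the permission finding matters for credential files that stay on the machine.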

These hints apply in exactly the same way when not using cloud services, and they prove that it’s not very dangerous to use the cloud. Or do you install non-open source software from sources you can’t trust? And you keep your credit card numbers secure all the time? And you do backups of your local data, don’t you?

    • Jakob Staerk

      Making critical services and data redundant can be very difficult in a cloud environment, because you don’t know the physical environment. In a “private” environment where you know the environment you can plan for not having a single point of failure, but how do you do that in the cloud environment?

      One option is to have a “private” copy of both virtual machine images and data, combined with a disaster recovery plan for bringing your business up in a “private” environment or in another cloud environment.

      One last thing is that you might not know where your data is located (in which country) and depending on the type of data (financial, credit card or employee information), that could be a legal issue.