August 3, 2018

Cloud security for R&D in Aug 2018

We are often asked about the security of cloud-based solutions for storing mission-critical information since cloud computing is initially perceived as a threat.

Concerns and Success Stories

Concerns and Success Stories

Introduction

We are often asked about the security of cloud-based solutions for storing mission-critical information since cloud computing is initially perceived as a threat. This writing is a brief attempt to explain our position, demonstrate that at present cloud computing is more than capable of facilitating secure access to data and computation even for most critical applications, and direct the reader to the policies we deploy to assert security for the users of Exabyte platform.


Concerns

Cloud computing revolutionized the way we store and interact with data in our daily work. We now take it as a must to have simultaneous access to information from many different devices scattered around the globe. Cloud service providers make it possible and seamless. The data stored by the cloud providers, however, is often of sensitive nature to businesses and research institutions. Moreover, such data rapidly increases in quantity. New security issues of practical importance appear as a result of this digital transformation [1–8]. These issues are related to the confidentiality, integrity, accessibility, and resilience to online piracy and malware attacks.

Examples

More secure??

There is a growing consensus among the global IT community that cloud computing has now become inherently more reliable and secure than traditional privately-owned data-centers in the same way that money is safer when mixed up with other people’s money in a bank vault than sitting alone in one’s dresser drawer [9, 10]. The largest cloud service providers such as AWS, Microsoft Azure and the Google cloud platform (our references of choice at Exabyte.io) have the means and resources to invest billions in maintaining and improving top-notch IT security protocols and infrastructure. They do it in a way that would be cost-prohibitive even for the Global 500 companies and completely unaffordable for most small-to-medium sized enterprises and/or research labs.

How is it possible?

For example, Microsoft has invested $1 billion and doubled its number of security executives over the course of the year 2015 alone. They also announced the launch of a new managed security services group and a new cyber defense operations center [11]. Similar policies are regularly being enacted by all other major cloud providers. Furthermore, providers have servers hosted in a variety of locations regionally and globally, which naturally preserves data better and more reliably than keeping it on-premises in a single location. Other advantages of clouds compared to traditional computing can be found in their superior performance and their lower operational costs as it was pointed out in a 2017 NASDAQ summary [12]. No wonder even the CIA now trusts Amazon Web Services to store some of its classified information! [13]

OK, but not for our data, is it?

Chemical and Energy sectors have so far been reluctant to adopt cloud computing because of the associated security concerns, however, such companies are increasingly eager to explore the field as Accenture reported [14, 15]. We believe that in the future the situation will change, and we base our conclusions on the modern day state of the computer-aided design industry, where 4 out of the 5 largest companies now use cloud for their Research and Development efforts [16]. Pharmaceutical industrial sector, first reluctant to adopt cloud computing too, is now rapidly changing its stance [17]. Lastly, some of the recent updates from Microsoft Azure partnering with British Petroleum and Chevron in storing mission-critical data point to similar conclusions [18, 19].

Our approach

We at Exabyte.io consider a confidential and secure experience for our customers our top priority. We use industry-standard strict security protocols, and the degree of data privacy and integrity protection we deliver has so far received universal acclaim by our users [20]. We are convinced that together we can extend the forefront of the cloud computing transformation currently unfolding [21], and apply it to accelerate the materials and chemical R&D.

You can find more information about our security policies, the analysis of cloud-computing related threats and our ways to mitigate them in our platform documentation.

Links

1. “The Treacherous Twelve” Cloud Computing Top Threats in 2016; report by the Cloud Security Alliance (CSA); (https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf)

2. A. Backe and H. Lindén: “Cloud Computing Security: A Systematic Literature Review”, Uppsala University (2015); (https://www.diva-portal.org/smash/get/diva2:825307/FULLTEXT01.pdf)

3. N. Dahiya and S. Rani: “Cloud Computing Security: a Review”, IJEDR | Volume 5, Issue 3 | ISSN: 2321–9939 (2017); (https://drive.google.com/open?id=163q_uWPVe1ZYEU6psjXXt2MW_WTazotl)

4. P.S. Naidu and B. Bhagat: “Emphasis on Cloud Optimization and Security Gaps: A Literature Review”; Cybernetics and Information Technologies, Volume 17, No 3 (2017); (https://drive.google.com/open?id=1jMMcn6jwob5R6MRrP7cCpjeh2MLovbN1)

5. M.F. Mushtaq et al.: “Cloud Computing Environment and Security Challenges: A Review”; (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 8, №10 (2017); (https://drive.google.com/open?id=1AbtjuaWA6eNcQ8Ylok8eVhgigzLl2_4N)

6. P.R. Kumar ,P.H. Raj and P. Jelciana: “Exploring Security Issues and Solutions in Cloud Computing Services — A Survey”; Cybernetics and Information Technologies, Volume 17, No 4 (2017); (https://drive.google.com/open?id=1VHOqqp_rw5w6diMet4PKuB8PkULN0Ds8)

7. G. Ramachandra, M. Iftikhar and F.A. Khan: “A Comprehensive Survey on Security in Cloud Computing”; Procedia Computer Science 110 (2017) 465–472; (https://drive.google.com/open?id=1fboYHk7KpU9ERjg_vc7IBXndv5CH02pZ)

8. Online repository of review papers on Cloud Security issues and solutions; (https://drive.google.com/drive/folders/1_OXl4t2v6nI545T_RS1Iz9-82ygbvlH1)

9. D. Linthicum: “Clouds are more secure than traditional IT systems — and here’s why” (2014); (https://searchcloudcomputing.techtarget.com/opinion/Clouds-are-more-secure-than-traditional-IT-systems-and-heres-why)

10. “Cloud security: Why clouds are more secure than your own datacenter” (2016); (http://ciosurvivalguide.com/blog/cloud-security-why-clouds-are-more-secure-than-your-own-datacenter)

11. K.J. Higgins: “Microsoft Invests $1 Billion In ‘Holistic’ Security Strategy” (2015); (https://www.darkreading.com/endpoint/microsoft-invests-$1-billion-in-holistic-security-strategy/d/d-id/1323170)

12. G. Pendse: “Cloud Computing: Industry Report & Investment Case”, Nasdaq (2017); (https://business.nasdaq.com/marketinsite/2017/Cloud-Computing-Industry-Report-and-Investment-Case.html)

13. A. McLean: “CIA to continue cloud push in the name of national security” (2017); (https://www.zdnet.com/article/cia-to-continue-cloud-push-in-the-name-of-national-security/)

14. Accenture: “Chemical Companies’ Cloud Strategies: Current Adoption and Future Plans” (2014); (https://www.accenture.com/t20151013T135810__w__/us-en/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Dualpub_7/Accenture-Chemical-Companies-Cloud-Strategies-Current-Adoption-Future-Plans.pdf)

15. Accenture: “A New Era for Energy Companies: Cloud computing changes the game” (2012); (https://www.accenture.com/t00010101T000000__w__/fr-fr/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Technology_2/Accenture-New-Era-Energy-Companies-Cloud-Computing-Changes-Game.ashx)

16. R. Maguire: “Cloud Computing: Shaping the Future of CAD” (2017); (https://www.industryweek.com/cloud-computing/shaping-future-cad)

17. R. Mullin: “How the pharmaceutical research sector learned to stop worrying and love the cloud”; c&en, Volume 94, Issue 42 | pp. 26–30 (2016); (https://cen.acs.org/articles/94/i42/Cloud-computing.html)

18. V. Ho: “Chevron fuels digital transformation with new Microsoft partnership” (2017); (https://news.microsoft.com/transform/chevron-fuels-digital-transformation-with-new-microsoft-partnership/)

19. Microsoft reporter: “BP selects Microsoft Azure for company-wide platform as part of its modernisation programme” (2017); (https://news.microsoft.com/en-gb/2017/07/25/bp-selects-microsoft-azure-company-wide-platform-part-modernisation-programme-2/)

20. Security section, Exabyte.io homepage; (https://exabyte.io/#security)

21. B. Darrow: “How These Fortune 500 Companies Are Moving to the Cloud” (2016); (http://fortune.com/2016/07/19/big-companies-many-clouds/)

Thanks to Gabriele Mogni for his insights and input on this writing.