Security is supposedly the most important aspect which can be both the main driving force in promoting the deployment of cloud technologies as well as its largest counter-argument. Data and applications placed in the cloud must be rigorously protected. Centralized protection through robust and powerful security tool is highly effective and reliable tool for protecting sensitive data. Despite this security, many users have concerns about the vulnerability of data storage. However, it is threatening that hackers bypass security measures and gain access to sensitive data of the client. Experience shows that the probability of damage or deletion of data by the users is statistically greater than the likelihood of theft or data corruption by hackers. Cloud services providers invest heavily in monitoring and ensuring its infrastructure in order to reduce the risk of theft or damage of data. Safety and security aspect becomes even more significant importance, particularly with regard to access to applications via mobile devices. Computer networks are usually protected by security tools (antivirus, firewall), with mobile devices (phones, tablets) is this form of security rather exceptional.
But security is the most frequently reported reason for which companies are hesitant to using cloud services. Many corporate customers are conservative but do not really identify themselves with the technological innovations. Providers of cloud technologies currently have solutions with a high level of security. Even solutions based on encrypted data storage on a physical level data storage so that an unauthorized person has access rights (e.g. administrator, operator cloud services) cannot misuse these data, as the data in the encrypted form without the appropriate key are unusable and the key is the exclusive customer´s ownership. Currently, the combination of encryption and authentication is used.
- Encryption – encryption of data. Key necessary for decoding the data is indeed frangible indeed, but the size of the currently used encryption keys require large computing power and a very long time to break them.
- ID and password authentication. The client defines the list of users who are authorized to access the data, most companies have defined multi-level approach to their data.
In terms of security costs of IT solutions, the same reasoning holds true as for the level of availability – the higher the required security level, the higher the cost. In traditional IT all the security measures must be implemented by the customer at his own expense, in the case of cloud-based solutions, the required level of security is included in the amount of the periodic fees for cloud services.