First, let’s dispel the idea that there’s a special brand of security, “Cloud Security™,” that’s materially different from other kinds of computer security. There are new considerations for cloud infrastructure and cloud-hosted applications, but securing any kind of computer system is about minimizing the risk of unauthorized access to that system. It’s easy to think of computer security as a kind of checklist; after checking all the boxes, our system is secure (“passwords, check … firewall, check … network monitor, check … okay, we’re secure now!”). Security is not a feature, though; it’s a process. There are principles to apply and tools to use as part of that process, regardless of where a computer system resides.
With cloud infrastructure, the first step in the process is ensuring that you trust the provider. Amazon, for example, publishes complete descriptions of their security setup, including the different security standards with which they are in compliance (of course, it also helps that they’ve established an excellent reputation). The computer systems they provide through their Elastic Compute Cloud (EC2) service are completely inaccessible to the Internet by default; we as users must consciously expose those systems to the Internet.
The next step is understanding the shared responsibility inherent in a cloud infrastructure. Amazon can ensure our systems are physically secure, make them inaccessible to the Internet by default, and provide all of the necessary tools to keep them secure, but it is incumbent upon us to take responsibility for understanding and using those tools correctly.
For example, StackWave’s computer systems (StackWave specializes in the development of software for biotechnology and pharmaceutical companies) are secured and protected in Amazon’s state-of-the-art data centers, which employ electronic surveillance, multi-factor access control systems, and trained security guards. StackWave then further secures the applications and data that live on those systems through Amazon’s network firewall, as well as operating system and application firewalls. These applications are password-protected and use role-based access controls, and passwords are stored using strong hash algorithms. Each application emits detailed log files auditing the behavior of that application, and access to those log files (and the computers on which they are stored) is limited to a very small group.
These principles are built into any robust system, including the StackWave Platform, which is the foundation of StackWave’s software systems and processes. New applications that employ these features to protect users’ data are now available for laboratories looking to manage their processes, productivity and quality. By further leveraging Amazon’s cloud infrastructure, computer systems that previously cost tens or even hundreds of thousands of dollars per year become much more affordable. Hosting applications in the cloud also provides enormous advantages in convenience; if your applications and infrastructure are Internet-accessible, you can leverage or manage them from anywhere at any time.
Co-founder and Principal at StackWave and Co-founder of LabGauge, Daniel Goldman has over a decade of experience building software, primarily focused on database and server design and development. Mr. Goldman is particularly interested in software systems that can be rapidly adjusted to facilitate the changes in workflow and data models so essential to keeping systems current with R&D processes. In his words, “software should make it easier to do great science.”