Testing for cloud security - What is the data focus of QA teams (Part 2/3)
In my earlier blog post on testing for cloud security (http://www.infosysblogs.com/testing-services/2011/12/testing_for_cloud_security-_wh.html), I discussed the security concerns of cloud adoption from an infrastructure standpoint. Now let us look at the focus of cloud security testing from a data perspective. Enterprises are highly concerned about the security of their data in the cloud. They are well aware that any data security breach could lead to non-compliance, resulting in expensive lawsuits that could cause long-term damage to the overall credibility of the organization.
From a data perspective, cloud testing needs to focus on access controls and privileges, to ensure that there are no loopholes allowing accidental or intentional misuse of data. Clouds are shared environments, which could mean that one organization's data is present alongside another organization's data, so as a first step it is absolutely necessary that the data residing on the cloud is tested in isolation. As compliance rules and data privacy regulations vary for every region, special attention needs to be given to this aspect. Data testing on the cloud also needs to emphasize scenarios where data interacts with legacy or existing non-cloud applications, and scenarios that involve data migration. Ensuring that data is encrypted both under migration and while residing on the cloud is also essential to prevent any leakage or misuse of data.