Cloud computing is the technique of using multiple server computers, connected via a real-time communication network, as if they were one. To understand this concept further, consider a scenario where you have to onboard many resources from different countries for a large-scale project. All of these resources would need applications and software specific to this project, and documents would have to be shared with them. Email services impose constraints in such a case, since there is a limit to the file size you can send. The solution is a cloud computing service, where all the files can be shared and accessed from any computer in the world. With a single service, many different files can be accessed from multiple locations.
What are the risks in Cloud Computing?
Though cloud computing seems, and in many ways is, a very feasible and efficient option, there are many risks involved which must be highlighted. Some of the risks identified are listed below:
- Physical data / Logical security threats: The physical setup of the server as well as the logical system security is dependent on the service provider. The responsibility for and control of the data lie with the cloud computing provider, and hence this may be a risk for organizations with sensitive data in the cloud. Since the data is stored with an external provider, its security is not guaranteed; it depends on the control measures implemented by the service provider.
- Dependency on cloud computing provider: The organization may become dependent upon the provider. Disaster recovery and business continuity of the organization will be in the hands of the provider.
- Difficulty in migrating data: If the organization decides to change the cloud computing provider for some reason, migrating all the data to another provider is additional effort and may be difficult.
- Cloud computing provider goes out of business: The organization must consider a rather rare scenario where the provider goes out of business.
How to manage risk in Cloud Computing?
The above risks may give the impression that Cloud Computing is a very unsafe option, but if appropriate measures are taken, these risks can be mitigated. Cloud Computing is very widely used today and we do not foresee this changing. Listed below are a few measures to mitigate the risks:
- Before considering various providers for Cloud Computing, it is important to perform a thorough risk assessment in order to understand the risks involved in migrating your organization’s data to a third party.
- It is important to have suitable agreements in place with the service provider in order to safeguard against certain risks (e.g., an SLA must be signed to list the responsibilities of each party). These agreements must have details such as how the data is protected and who can access it.
- The organization needs to know the physical location of the data, the access controls in place and which data encryption technologies are being utilized. The organization must ensure that the provider has certain authentication and authorization techniques in place. Preferably, sensitive data must have multiple layers of security.
- If the data is stored in another country, then regional or other laws might apply.
- Organizations must make sure that vulnerability assessment practices are implemented and performed.
- The cloud provider’s disaster recovery capabilities must be known and also tested by the provider itself.
- Verifying that the provider adheres to all the above points is not always practically possible. Hence organizations must consult third-party audits to verify the same. The audit clause must also be included in the contract.
Cloud Computing is a thrilling development for IT ventures with many benefits, but it also brings many challenges in protecting an organization’s data. The risks involved must be accurately identified and managed, striking a perfect balance between taking advantage of the opportunities offered by Cloud Computing and protecting the organization’s data.
About Author:
Kintu Racca is a consultant at Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at: kintu.r@spluspl.com
Really very informative and creative content. This concept is a good way to enhance knowledge. Thanks For Sharing.