Seven Cloud-Computing Security Risks

Mike Walker's Blog - Cloud Computing

A recent Network World article highlights security issues with the cloud. In it, Jon Brodkin draws on a Gartner report titled “Assessing the Security Risks of Cloud Computing.” If you saw my last post on Challenges moving to the Cloud, you will see many synergies with our thoughts.

Key nuggets in the article include:

  • Gartner defines cloud computing as a type of computing in which “massively scalable IT-enabled capabilities are delivered ‘as a service’ to external customers using Internet technologies.”
  • Ask questions related to the qualifications of policy makers, architects, coders and operators; risk-control processes and technical mechanisms; and the level of testing that’s been done to verify that service and control processes are functioning as intended, and that vendors can identify unanticipated vulnerabilities.
  • Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider.
  • Even if you don’t know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. “Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure,” Gartner says.
  • Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event.

There is an emerging trend in the challenges associated with cloud-based computing: they are less about the technology and more about the business and operational sides of solution development. Even here, when we talk about security, there is very little mention of security protocols, encryption, authentication providers and so on.

Just like with any other architectural decision, there is a trade-off when moving your applications/services outside the firewall. Enterprises should take the lessons learned from previous models like B2B, ASP or Managed Services. These previous methods ran into the same challenges, and I would bet that there are some lessons that can be learned by digging up the past.

For more see: https://www.networkworld.com/news/2008/070208-cloud.html