Cloud Computing: Boon Or Bane?

Cloud computing has taken the IT world by storm, fundamentally changing the way organizations approach IT. The cloud has brought promise of financial and business benefits including reduction in IT capital and operational expenditures. Yet, as with any new technology, cloud computing has been associated with a number of security risks.

By Arvind Benegal and Thiru Annadorai
Tue, September 21, 2010

CSO — Cloud computing has taken the IT world by storm, fundamentally changing the way organizations approach IT. The cloud has brought promise of financial and business benefits including reduction in IT capital and operational expenditures. Yet, as with any new technology, cloud computing has been associated with a number of security risks.

Slideshow: 5 Things We Love/Hate About Cloud Management Tools

While the cloud continues to evolve and address these security & compliance requirements, organizations are left to wonder if cloud computing is a boon for IT value optimization or bane for enterprise risk management. What should be considered, however, is that amidst the backdrop of the current security risks, there are also a number of security and risk management benefits that the cloud can offer.

Cloud Security: Ten Questions to Ask Before You Jump In
Defining Cloud Security: Six Perspectives

Opportunities are the Face of Risks

Many of the security risks associated with cloud computing are not unique to the cloud due to the nature of the underlying infrastructure. The cloud can be exposed to risks from poorly defined and implemented policies and procedures, flaws in infrastructure security, physical & environmental security, disaster recovery, personnel security and IT operational security. The cloud can bring new dimensions to some of these existing threats while also introducing new risks.

Also see 'Cloud security: The basics' on CSOonline.com

Some of the inherent risks are related to data theft, leakage or destruction due to co-location of data, spread of malicious activities and malware infections to multiple customer environments. However, there is also the risk of choosing a low-grade service due to cost limitations. Since cloud is a utility model, cloud consumers may have the tendency to sacrifice security features and offerings in order to reduce the costs further, putting themselves in jeopardy.

Another major challenge commonly found is security awareness among the staff of a cloud provider that has its presence in multiple countries. In these instances, users may find that a provider's culture, perception of risks and needs for security and privacy vary with local regulations, or the lack there of. The cloud needs to have 24x7 operations to service customers across the globe, and must offer the optimal value to its customers by dynamically pooling and allocating resources, depending upon peak usage & traffic patterns and time of day. The cloud is meant to be in motion constantly and so is your data.

In a typical outsourcing situation, it is easier to locate data within networks of a selected vendor and restrict access to the data. Verifying vendors' compliance with the contractual requirements and local regulations regarding data protection, etc., are relatively less challenging when compared to a cloud environment where it is hard to restrict the movement of one's data.

Continue Reading

Originally published on www.csoonline.com. Click here to read the original story.
Our Commenting Policies