Tuesday, January 24, 2012

SECURITY RISKS OF CLOUD COMPUTING II

This article is a continuation of last week’s article in which we concluded that due diligence should be conducted before subscribing to cloud computing provider.

Cloud computing is basically the use of computing resources, like applications and servers, as a service (Software as a Service). This means that a cloud computing provider provides access to computing resources when needed and the client is charged for this usage.

Any business that subscribes to cloud computing has to consider a few security risks. Any cloud computing firm that you use should, at the minimum, have appropriate certifications like ISO27001. These certifications ensure that their internal controls are in place and maintained against insider attacks.

Any firm that outsources should also ensure that their data is backed up. Backing up should not be taken for granted and it is the responsibility of the client to ensure that the provider makes redundant copies and restoration can be successfully done.

Businesses that outsource should not put all their digital eggs in one basket. Outsourcing to one cloud provider effectively means that should anything untoward happen, applications and information will be at risk. This risk can be mitigated by disintegrating your dependencies. Using a redundant storage provider will enable crucial data to be stored by different vendors and in different locations.

Data commingling is another risk that businesses which outsource to the cloud should be aware of. Cloud providers run many applications and handle data for many client organizations. Data therefore commingles in the same databases and servers separated only by the software itself. This is a security risk in that a flaw in the code could be exploited to allow access to other data. It is therefore advisable to ensure that segregation is done and maintained by the cloud provider.

Data migration procedures are also very important. As a business that outsources to the cloud it is important to ensure that procedures are in place that allow and ease the migration of data. Data migration is the extraction of data so as to re-use it. The procedures for this should be clearly established and the cost should not be prohibitive.

Finally any business that outsources its applications and data should have clear Service Level Agreements (SLAs) with the cloud provider. Just like any other third party service provider. the SLA with the cloud provider should have clear parameters for performance, change management, liability, access and provisioning.

No comments: