Risks and Benefits Of Cloud Computing
Cloud computing is here and virtually every organization is using it in some manner, shape, or form. Educating yourself and your people on the chances and risks associated with this technology is of the utmost importance. Let’s examine the opportunities presented by cloud computing, managing the risks associated with housing your sensitive information offsite, together with virtual computing environments, and vendor management factors as you research your cloud options.
“The Cloud” is an increasingly all-encompassing term to get a virtualized data technology (IT) computing environment where people and companies utilize applications and data saved and preserved on shared servers in an internet surroundings, instead of physically located in a user’s location. Google’s popular email program, Gmail, is an example of the cloud, but that is just one model. There are actually three cloud support models — infrastructure for a service, platform as a service, and applications for a service — set up in four kinds of settings — personal, public, community, and hybrid clouds.
Infrastructure for a support (IaaS) offers access to server hardware, storage, network capacity, and other fundamental computing resources.
Platform as a support (PaaS) provides access to basic operating services and software to develop and utilize customer-created software programs.
Software as a service (SaaS) provides integrated access to a supplier’s software applications.
Personal cloud is accessible by an intranet, internally hosted, and used by one company.
Community Cloud has infrastructure accessible to a specific community.
Public cloud is available from the internet, externally hosted, and utilized by the public.
Hybrid is a combination of two or more clouds.
Cloud computing provides a scalable internet environment which makes it feasible to handle an increased volume of work without impacting system performance. Cloud computing also supplies significant computing capacity and economy of scale that might not otherwise be affordable, particularly for small and medium-sized organizations, without the IT infrastructure investment. Cloud computing benefits include:
Reduced capital costs — Organizations can provide exceptional services employing large-scale computing tools from cloud providers, then nimbly add or eliminate IT capacity to satisfy peak and fluctuating service demands while only paying for actual ability used.
Lower IT operating costs — Organizations can rent added server area for a few hours at one time instead of keep proprietary servers without worrying about updating their tools whenever a new application version is available. They also have the flexibility to host their virtual IT infrastructure in places offering the lowest price.
Environmental security — The concentration of computing resources and users in a cloud computing environment also represents a concentration of safety hazards. Consult your own cloud provider about access controls, vulnerability assessment practices, and patch and configuration management controls to see that they are adequately protecting your information.
Data privacy and safety Hosting confidential information with cloud service providers entails the transfer of a considerable amount of a company’s control over information protection to the supplier. Make sure your vendor understands your company’s data privacy and security requirements. Also, make sure that your cloud supplier is aware of particular data security and privacy rules and rules that apply to your entity, including HIPAA, the Payment Card Industry Data Security Standard (DCI DSS), the Federal Information Security Management Act of 2002 (FISMA), or the privacy considerations of Gramm-Leach-Bliley Act. Consult your own cloud provider what controls are in place to guarantee internet connectivity. If a vulnerability is identified, you might need to complete all access to the cloud provider until the vulnerability is rectified. At length, the seizure of a data-hosting host by law enforcement agencies might lead to the disruption of unrelated services stored on precisely the exact same machine.
Record retention requirements — If your company is subject to record retention requirements, ensure that your cloud supplier knows what they are and so they can fulfill them.
Disaster recovery — Hosting your computing tools and information at a cloud supplier makes the cloud provider’s disaster recovery capacities vitally important to your institution’s disaster recovery plans. Know your cloud provider’s disaster recovery capabilities and ask your supplier if they been tested.
Assessing your choices
Many cloud supplier alternatives are available, each with unique benefits and risks. As you evaluate your options and the related dangers, consider the following
Cloud suppliers are sometimes reluctant to produce third party audit reports unless an audit clause is contained in the contract. Some hosts require customers to pay for reports
Some internal audit departments are performing control reviews of cloud providers, along with getting and assessing third party audit accounts. This is driven by certain controls not being tested, exception of applicable systems, or other aspect that need onsite testing.
Standard cloud supplier audit reports typically do not include vulnerability/penetration testing results. Providers are reluctant to allow scanning, as they believe this may compromise their own infrastructure.
Cloud computing is a popular format and we don’t see this changing anytime soon. Knowing that you’re managing the risks related to housing your sensitive data offsite will give you assurance with the stage, so that you are able to benefit from the opportunities presented by the cloud.