Cloud computing is undoubtedly one of the biggest breakthroughs
since e-commerce. This assertion is yet to be proved but clearly
this new computing model is transforming the way IT services are
provided, consumed, and managed. Unlike many other technologies,
cloud computing has evolved in response to customer needs for
better, faster, and cheaper methods of managing Information
Technology. Individual customer demand defines the level of
services, applications, storage, and availability that the cloud
delivers. Technology rarely evolves based purely on customer needs,
but cloud computing appears to be an exception.
Cloud computing has taken on multifaceted definitions as it
relates to many different types of IT customers. For the
line-of-business executive, cloud computing is a buyer-centric view
of technology in which applications are available through purchase,
rentals or development. For the CFO, the cloud offers an approach
to consume technology in a pay-as-you-go model that delivers the
cost benefits of variable pricing without a costly investment in
hardware. And for the CIO, cloud computing provides a comprehensive
virtualization model for technology that stretches from
infrastructure design through application testing and delivery.
Combine them, and it seems quite evident that cloud computing holds
significant potential for dramatic savings in operating costs while
ensuring new efficiencies in delivery of IT services. However,
there are risks to be addressed before one can indulge in
euphoria.
Typical Risks in Cloud Computing
The risk factor is often high when considering any new technology
that touches enterprise data and applications. It is essential for
any business to be aware of the inherent risks in cloud computing.
The typical risks in cloud computing are availability and
reliability of services, data privacy, data flow and data
classification, and compliance with regulatory requirements.
Mitigation of Risks by Cloud Service Providers
The reality and highly public profile of security lapses have not
escaped the attention of top-tier cloud service providers. During
the past two years, the focus has been on implementation of
critical controls and deployment of technology solutions that aim
to mitigate risks to reach a level of security that is trustworthy
for critical data and applications. The mitigation measures adopted
by various service providers are:
• Identity and Access Management
• Intrusion Detection System
• Application Vulnerability Assessment
• Network Vulnerability Assessment
• Security against traditional attacks such as denial of service, IP spoofing, botnets, etc.
• Data encryption
• Globally recognized security certifications such as ISO 27001
• Third party independent audits such as SAS 70