Security

The Pros & Cons of Cloud Computing, and is it Secure?

Remember, our simplified definition of cloud computing consists of shared computing resources that are virtualized and accessed as a service through an APL.

The Pros

1- Costs/capital expenditures
If cloud computing is right for your company, then major cost savings can be seen in buying and maintaining the needed infrastructure, support equipment, and communication costs. The vendors and/or service provider, who charge the users a utility or user type fee, own these costs.
2- Scalability
One of IT’s biggest problem is the constant need to add more equipment to keep up with the growing demand of accessing, storing and analyzing information by both internal and external users. One example is in the data center where adding servers is a major cost issue (actually power for the data center is the number one issue, but it is related to the growing need for items like servers). Since cloud computing is virtual, one can expand or contract equipment/infrastructure as demands change.
3- Start – up
Since the cloud (theoretically) contains the infrastructure and applications, all one just needs to do is “dial” in to the cloud. One can start using applications immediately versus a customary installation, testing and then providing access to the appropriate user community. (Training is assumed to a constant.)
4- Business Applications
Again, the cloud (actually the vendors and/or service providers) through contracts (Service Level Agreements -SLAs) provides numerous business applications for any user who is their client. Again like scale, enterprises only need to know which applications they need to run their business and understand what is actually provided to have access to various business applications. (Training is assumed to be a constant.)
5- Flexibility
Since cloud computing is a virtual offering, a user has the flexibility to choose, on a regular basis, the applications, amount of bandwidth or the number of users by basically modifying his user contract and increasing or decreasing costs at a known rate or factor.

The Cons

1-SLA Agreements
This is the tricky and most important one. SLAs can be very involved and it really leaves the onus on the user to understand and define all requirements in specific detail, and more importantly understand what one is getting in the terms of support, performance, security, etc. A good example is quality of service; one should understand what is offered and what the recourses are if the specified quality is not maintained.
2-Performance
Performance guarantees are usually part of the SLA document, but I have singled this one out because it is critical to maintain the performance (uptime) one needs both for internal AND external users. Understand if the performance guarantee is defined as an average or just during peak times versus a “uniform” performance. If performance is compromised, it can impact many things including revenue and your company’s goodwill.
3-Vendors
Not all vendors are created equally! Many vendors are claiming to provide cloud computing, but in reality, they are just providing a specific service, or a specific application or worst they are a middleman and provide no value-add at all. As I sated in my previous posting, one needs to understand the difference between cloud computing and hosted services or managed services or seemingly some form of virtualization. My best advice is to definitely get with reference customers and see if they model what you would like from the cloud.
4-Security
We all know that the internet has some security issues and since the cloud utilizes the internet coupled with applications infrastructure and support, users should be aware of the potential for new threats and increased risk exposure. It is important to include your firm’s risk tolerance in any decision to move to cloud computing, as not all the security issues are understood, and new ones will arise.
5-IT Staffing
If one does utilize the cloud, then make sure one understands the vendor staffing that is available to support your needs and hundreds of others using their cloud. A number of vendors out-source staffing and some of the personnel may not be as good as your own internal organization. Ask the potential service provider if they have trained personnel to support the applications you request.

As I have always stated, know your strategy for your IT organization and your lines of business and weigh whether the “pros” out weigh the “cons” for going with cloud computing. Note that there are a number of advantages and disadvantages; do not be swayed by looking at cloud computing from only a cost-saving point of view.

In all probability the answer will be some thing in the “middle”, i.e. some hybrid form of cloud computing.

As for security and cloud computing

In Forrester’s article titled ” A Close Look At Cloud Computing Security” by Chenxi Wang, Ph.D. Wang states “While cloud computing is able to deliver many benefits, organizations should not jump on the “cloud” wagon without a compelling business driver and a clear understanding of the security, privacy, compliance, and legal consequences. An effective assessment strategy covering these items will help you reach the ultimate goal: Make the cloud service work like your own IT security department and find ways to secure and optimize your investments in the cloud.”

Forrester includes data protection, disaster recovery, and identity management as some of the areas under security and suggest that an audit of the potential cloud provider to see what level of security is actually provided.

As for compliance, the user should analyze how the cloud may or may not impact one’s compliance requirements.

For legal and contractual issues, Forrester advises that one understands who owns/is responsible for what, between the user and the provider (the data, the infrastructure, etc.)

Another article by Network World’s Jon Brodkin titled “Gartner: Seven Cloud – Computing Security Risks” he talks about seven security risk areas.

1. Privileged user access, sensitive data processed outside the enterprise.

2. Regulatory compliance, how does the cloud provider match your guidelines?

3. Data location, where exactly is your data housed?

4. Data segregation, understand that your data is “sitting” next to other’s data

5. Disaster Recovery, what happens when there is an outage?

6. Investigating inappropriate or illegal activity may be impossible in cloud computing,

7. Long-term viability, what happens if your provider “goes away”?

Another article in Network World that reported on the RSA conference, and stated that the former technical director of NSA, Brian Snow is very concerned about vendors offering cloud computing from a security point of view. He is concerned about vendors not addressing current security issues and about new issues that cloud computing will create. Ironically another panelist was concerned about “Big Brother” listening in on cloud computing and how this might impact enterprises’ privacy and compliance issues.

So to wrap up, the internet has security issues, and since cloud computing is in the internet, cloud computing will have those security issues, ones listed above, and ones yet to be discovered. It comes down to the risk profile for your corporation; what level of risk is right for your company relative to investing in cloud computing? Obviously part of the risk assessment depends on your type of company. If you are a financial advisor or in stock management where your intellectual property is basically the company then cloud computing as we currently know it is not right for you at any cost savings. If you resell ping -pong balls (no offense to ping- pong ball resellers) than the risk is relatively low and the savings from cloud computing outweigh the security and other considerations.

Have you conducted an adequate risk assessment before deciding to move to cloud computing?

What's your reaction?

Related Posts

1 of 6

Leave A Reply

Your email address will not be published. Required fields are marked *