Research
Publication Date: 3 June 2008 ID Number: G00157782
Assessing the Security Risks of Cloud Computing
Jay Heiser, Mark Nicolett
Organizations considering cloud-based services must understand the associated risks, defining acceptable use cases and necessary compensating controls before allowing them to be used for regulated or sensitive information. Cloud-computing environments have IT risks in common with any externally provided service. There are also some unique attributes that require risk assessment in areas such as data integrity, recovery and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance and auditing. Key Findings
• • The most practical way to evaluate the risks
…show more content…
All this makes it easier for them to keep their costs down and scale to meet changing customer demands, but it also makes it harder to assess the risk to your organization from using such a service. Organizations potentially can gain a competitive or cost advantage through selective adoption of cloud computing, but not without first taking a comprehensive look at the associated risks, ensuring that they are consistent with business goals, along with the expectations of regulators, auditors, shareholders and partners. It is especially challenging to understand the risks associated with cloud computing, and CIOs, chief information security officers, compliance and privacy officers, and line-of-business managers should be involved in the risk assessment of new cloud-based services. If a company is considering the use of an external service of any sort, then it needs to: • • • • Assess the security, privacy and regulatory compliance risks Identify use cases that are inappropriate for this service delivery method, based on risk level and current controls Identify use cases that pose an acceptable level of risk for the service delivery method Choose and implement compensating controls before going fully operational
What to Evaluate
Privileged User Access
When sensitive data is processed outside the enterprise, or by non-employees, it means that organizational managers are less immediately aware of the nature and level of
Organizations use the Cloud in a variety of different service models (SaaS, PaaS, IaaS) and deployment models (Private, Public, Hybrid). There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers.In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information.
The first scenario that will be examined is looking at Cloud Computing from the perspective of security. Many small and medium sized businesses utilize the internet and Cloud Computing to conduct business and transfer money from system to system as well as report on financial accounting data. With that being the case, it is crucial that whatever system the business is working with pays very close attention to security needs to ensure that this data is protected from unauthorized sources viewing or manipulating it.
Ten years ago business professionals were grappling with the decision of whether to implement cloud computing into their organizations. Today, we no longer have the luxury of “If” we will embrace the new technology but rather “How” we will make it as safe as possible.
DATA SECURITY IN CLOUD COMPUTING Introduction: Cloud computing has prompted a movement in how individuals consider IT frameworks structural engineering. Numerous associations today are either executing cloud-based services, or assessing which cloud-based measures they will be portraying later on. As indicated by Gartner Inc. distributed computing is "no less compelling than e-business". This sprocess in building design from an undertaking normal server-based framework to a cloud-based framework will have related expenses of passage and dangers, yet it can bring about inconceivable advantages in reserve funds and in IT and business deftness.
Qasim et al., (2014) the authors of the article “Cloud Computing Risks & Business Adoption” researched cloud computing and adoption. The authors discussed the lurking dangers hiding in cloud computing against businesses. The articles talks about the benefits and the risks that exist and the fact the new technology has the ability to force change on how things are done in the business environment (Qasim et al., 2014). The authors confirmed businesses should not easily rush to trust cloud computing with critical data (Qasim et al., 2014).
Security of data has reliably been a noteworthy issue in information technology. In the cloud computing environment, it turns out to be especially genuine on the grounds that the data is situated in better places even in all the globe. Information security and protection assurance are the two primary elements of client 's worries about the cloud technology. In spite of the fact that numerous strategies on the subjects in cloud computing have been examined in both scholastics and commercial enterprises, data security and protection assurance are turning out to be more imperative for the future advancement of cloud computing technology in government, industry, and business. Data security and privacy protection issues are applicable to both hardware and software in the
Cloud computing will be a cost cutting move of the future for many large information system companies. Zetta, a start up cloud service provider, told InformationWeek that customers realize a three-year total cost of ownership advantage of three to four times that of onsite storage. Imagine having three years worth of ownership cost taken off your budget, three years worth of rent that you can keep in your pocket and spend somewhere else. Using cloud computing will also mean you don’t have to pay for software licenses. A standard that seems pretty consistent for cloud computing companies, if the service doesn’t perform at 99.9% of the time during monthly billing the company will credit you a certain percentage for failing to meet their commitment. If your company was doing its own storage and applications, if the network went down it would do nothing but cost your company money, with clouds they at least pay you for time down.
V. However, the question to switch to cloud services is not always a no brainer. If a company or organization does not consider the potential risks associated with going to the cloud, there could be serious implications as a result of this oversight. The first and most threatening risk is data leakage. “The cloud offers a rich target for hackers, criminals, terrorists, and rogue nations. With cyber-espionage affecting every sector of our economy, aggregating important information in one location is a legitimate security concern. You
Going through reference papers that identify various security vulnerabilities currently present in Cloud Computing systems with respect to confidentiality and Integrity of client data.
Usage of remote servers via internet to store, manage and process data instead of using a personal computer is known as Cloud computing. It’s a set of Information Technology services with the ability to scale up or down their service requirements. Most of the cloud services are provided by a third party service provider. In cloud computing, organizations can utilize IT services without in advance investment. Despite its benefits obtained from the cloud computing, the organizations are slow in accepting it due to security issues and challenges. Security is one of the major problems which hinder the growth of cloud. It’s not wise to handing over the important data to another company; such that clients need to be vigilant in understanding the risks of data infringement in this new environment. This paper discusses a detailed analysis of the cloud computing security issues and challenges. (Ayoleke)
Virtual Machines, attackers camwood possibly screen the reserve in place should take information facilitated on the same physical machine. Such a strike will be otherwise called side-channel strike.
This leads to reduction in costs of operations. b. The employees can easily access information wherever they are, and they do not have to stay in their desks. c. It allows organisations to manage increased storage, than they would on private computer systems. d. The company does not have to spend money on maintenance and hence can be cheaper for its operations.Although the benefits of Cloud computing are evident, there have been questions raised about this technology by Rash (2009), Tidd, Bessant, & Pavitt, (2005) and Shapiro, (2002) all of whom have given various reasons as given below;. a. The main problem facing these organisations is their data security. b. It is not possible to determine the exact benefits that the organisations can accrue.Although it has been found that this technology has many demerits, it is also evident that there are many benefits.For the organisations, the benefits listed above are important and hence provide the motivation for resorting to using the Cloud concept, because, according to Benbasat and Barki (2007), and Schwarz, and Chin, (2007), while large companies can actually afford their own
Cloud computing can offer businesses many advantages. However, there are many disadvantages as well. For instance, increased convenience may come at the cost of diminished security. Scrutinizing these tradeoffs is necessary for determining whether or not to utilize this technology.
Organizations that move their data to the cloud will feel like they are losing control of their data since it is shifted to the cloud provider’s servers. There are issues that need to be addressed prior to an organization moving their data to the cloud, such as setting up a specific backup process and the steps taken to ensure the data is private and secure as well as the geographic location of where the data is going. Moving to the cloud also means that the service provider could have some degree of access to the data (Waterford Technologies, 2016). By the cloud provider having any access to organizational data means there is a potential privacy risk.
Cloud computing has many challenges for IT professionals. One of the most common issues is who has their own data and how the provider will maintain the data securely. Which is a most important concern in law enforcement and litigation-related requests, notes "Forbes" magazine. Security without any third party breaches.