Cloud computing: benefits, risks and recommendations for information security
Cloud computing is a new way of delivering computing resources, not a new technology. Computing services ranging from data storage and processing to software, such as email handling, are now available instantly, commitment-free and on-demand. Since we are in a time of belt-tightening, this new economic model for computing has found fertile ground and is seeing massive global investment. According to IDC’s analysis, the worldwide forecast for cloud services in 2009 will be in the order of $17.4bn1. The estimation for 2013 amounts to $44.2bn, with the European market ranging from €971m in 2008 to €6,005m in 2013 2. The key conclusion of ENISA’s 2009 paper on Cloud
…show more content…
The following sections attempt to make the distinction when the risks or benefits apply differently to different cloud models.
TOP RECOMMENDATIONS
ASSURANCE FOR CLOUD CUSTOMERS
Cloud customers need assurance that providers are following sound security practices in mitigating the risks facing both the customer and the provider (e.g., DDoS attacks). They need this in order to make sound business decisions and to maintain or obtain security certifications. An early symptom of this need for assurance is that many cloud providers are swamped with requests for audits. For this reason, ENISA has created a standard checklist of questions which can be used to provide or obtain assurance 6. Documents based on the check-list should provide a means for customers to: 1. 2. 3. 4. assess the risk of adopting cloud services; compare different cloud provider offerings; obtain assurance from selected cloud providers; reduce the assurance burden on cloud providers.
The security check-list covers all aspects of security requirements including legal issues, physical security, policy issues and technical issues.
5
General Services Administration US - GSA [Online] http://www.gsa.gov/Portal/gsa/ep/contentView.do?pageTypeId=8199&channelId=24825&P=&contentId=28477&contentType=GSA_BASIC
6
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-information-assurance-framework
2
LEGAL RECOMMENDATIONS
Most legal issues involved in cloud computing will currently be
Cloud computing has set a trend in the information technology arena that has sparked the interest of all who utilize the internet on purpose and unsuspectingly. Initially, the primary purpose of cloud computing was to provide a centralized data bank that organizations could use for quick data access. Its use has been quickly adapted, however, beyond business use to become the first option for personal use. The advantages and disadvantages of implementing such a shift from business to personal are varied, yet, statistically, according to the CISCO Global Cloud Index: Forecast and Methodology, 2014-2019 White Paper, its public use is on the rise. The report notes that “by 2019, 56 percent of the cloud workloads will be in public cloud data centers, up from 30 percent in 2014 and by 2019, 44 percent of the cloud workloads will be in private cloud data centers, down from 70 percent in 2014”. Though disadvantages with regard to data security is prominent, users have deemed that its implementation will still promote greater benefits than loss.
The national institute of standards and technology (NIST) defines cloud computing as “a model that is meant to enable convenient access to a network that is on demand to a pool of shared computing resources that are configurable” (Jansen & Timothy, 2015). Computer system resources includes, but not limited to, storage, system servers, applications, services, and networks. Cloud computing allows these computing resources to be accessed virtually anytime, anywhere. Cloud computing opens up new possibilities in the field of information technology that many of us have or will experience. As the clients or the customers are very excited about the numerous opportunities that come along with the cloud computing technology such as a reduction in the costs of capital, and the opportunity of divesting themselves of management of infrastructure, and a massive focus on the core competencies, and most importantly, the agility that is usually offered by the provision of computing that is on-demand, there are challenges and other numerous issues that need to be looked into and addressed before a universal adoption might happen (Jansen & Timothy, 2015).
“Cloud” computing is the fanciest buzzword in the computer industry, currently surpassing the last big term “web 2.0”. Every big player in the computer industry launched a cloud service last year. Notable examples are iCloud by Apple, (Apple 2012) or Microsoft Cloud Services (Microsoft 2011), copying various innovators like Google or Dropbox, who offer similar services since much longer. The latter is the most successful
This journal examines the various types of threats that a cloud-based company has to defend against. The authors recognize that the cloud has the potential to be a disruptive force in technology, and it examines the concerns that a business has for migrating to the cloud through the use of surveys. The benefits and risks are examined and the article provides statics and charts to illustrate the findings. The most interesting point of this article is it highlights the concerns customers have listing security as the number one reason preventing a business from migrating to the cloud. I plan to use this article to explain the challenges developers face in securing data on the cloud, not only with application development but also with educating businesses to alleviate misconceptions on cloud computing.
Cloud computing has grown in popularity to the point that it is now becoming the preferred method of the business community for accessing services on the Internet. This paper examines the reasons for this growth and explores the benefits and drawbacks of this technology.
Not all security is perpetrated by individuals or groups, it is more common to see state-sponsored attacks, but very little information is publicly disclosed. This lack of disclosure can cause a mistrust on the part of customers. The intense growth of cloud environments
It would be fair to say that cloud computing has changed the way the business used to do. With the evolution of cloud computing, IT companies can get software to hardware and infrastructure to staff requirement on demand. Cloud service providers also fully mange the services which can be provided at any time. Cloud computing utilizes a combination of the internet (cloud) and computer technology (computing). It is broadly defined as methods to deliver information or services to customers who pay for what they use. It uses the architecture in which one provider is giving services to multiple organizations. This paper, I will be discussing about risk and challenges of cloud computing. My main focus on the paper will be over cloud, its standardization, challenges/concerns and current business transformation.
Cloud computing is the result of evolution and adoption of existing technologies and prototypes; although the origin of the term cloud computing is unclear. In the earliest stages, the term ‘cloud’ was used to represent the computing space between the provider and the end user. References to cloud computing in its modern sense appeared as early as 1996, with the earliest known mention in a Compaq internal document (Regalado, 2011). In 1997, Professor Ramnath Chellapa of Emory University and the University of South California defined cloud computing as the new “computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits alone”. This has become the basis of what we refer to today when we discuss
Moving forward 30 years to 1997, is when the term “cloud computing” was first used by information systems professor Ramnath Chillappa. Within a few years, companies began switching from hardware to cloud services; they were attracted to the benefits like the reduction in capital costs as well as an easing in IT staff; the number one benefit being efficiency.
Cloud computing is moving into the mainstream. Moving to the cloud might be a viable option for some consumers. However, there are many facets to consider before moving to the cloud. There are four types of clouds, public, private, community, and hybrid. All four cloud arrangements have pros and cons, and they need to be weighed before a decision is made. Two main challenges of clouds are security and privacy. These two main issues must be addressed prior to choosing a cloud service. As a consumer, you make the choice for how stringent your security and privacy are to your stakeholders.
By 2020, Forbes (McKendrick, 2012) has estimated that the cloud market will be worth $270 billion; this suggests that the market is expanding rapidly and users are becoming more aware of this feature. Many people, though, still ponder over the exact purpose of cloud computing: Cloud computing is a group of offline servers that are networked together to allow data to be stored centrally. For example, Drop box is an established cloud storage company that allows users to store documents, images and videos on their servers. This type of cloud computing is known as ‘Software-as-a-Service’, which are business applications that are hosted by the provider and delivered as a service (Hurwitz, 2010). Hurwitz also mentions two other types of cloud computing: ‘Platform as a Service (PaaS)’ and ‘Infrastructure as a Service (IaaS)’. ‘Platform as a service’ is where the consumer will create an application, using tools and software from the provider, then the provider will administer the consumer with networks, storage and servers. ‘Infrastructure’ as a service is where the provider will provide the consumer with physical computer or virtual machine.
There are fourteen domains of cloud security. They are Cloud Architecture, Governance and Enterprise Risk Management, Legal and Electronic Discovery, Compliance and Audit, Information Management and Data Security, Probability and Interoperability, Traditional Security, Business Continuity, and Disaster Recovery, Data Center Operations, Incident Response Notification and Remediation, Application Security, Encryption and Key Management, Identity, Entitlement and Access Management, Virtualization, and Security as a Service (“Security guidance for,” 2011).
The next area the business must evaluate is performance over time, cloud providers performance and ability to provide highly available services are critical, this is one major reason to moving to the cloud is the ability to have highly available services. The company must assess and determine what the cloud service provider can provide in terms of uptime along with the amount and location of data centers. In addition, the company must understand what tools and methods the cloud service provider provides the company to monitor the services and availability of the cloud network along with SLA’s that can be utilized to protect the company.
The term ‘cloud computing’ gets tossed around in media and business settings, and while everyone seems to know generally what it is, not everyone is aware of how to use it, much less how to implement it in a safe way that still enables it to provide the full benefits of storing data in the cloud versus storing and managing it on-site. Cloud computing has many benefits for businesses, such as allowing them to store information and be managed by an outside company, which eliminates the cost and effort of a company having to buy servers, install and configure them, and then hire IT staff to continue to maintain them. According to a study of over 1,300 U.S. and U.K. businesses, 88 percent reported that they saved money using cloud services,
The world, as a whole, is changing. It is true that some sections of the world are remaining primitive in terms of industrialization, but the general population is a progressive one. There are incredible advancements being made in the industries of transportation, communications, aerospace and defense, as well as almost every industry related to the culture of society. As these advancements progress and companies innovate, the demand for different products changes. For example, the demand for DVDs today is no where near what it once was. In today’s society, there is a huge demand for technology based products. Due to this increased demand for technology, there has been an impressive amount of innovation on how technology is both used and sold. The largest of these innovative movements has been the movement towards cloud computing. In about as basic of a definition there is, The Cloud is simply a way to store data online. Instead of saving something to a hard drive, it can be saved to The Cloud. As one of The Cloud’s many advantages, this allows files to be accessed from any device at any location. However, it also has some disadvantages. This is arguably the most relevant issue in the business world today, which is why the sources below will help to analyze the benefits of cloud computing versus the costs of it.