Cloud computing: Boon for IT value optimization or bane for risk management?
Cloud computing creates its own set of risks, but its potential security benefits shouldn't be overlooked
By Arvind Benegal and Thiru Annadorai, MindTree
September 21, 2010 — CSO —
Cloud computing has taken the IT world by storm, fundamentally changing the way organizations approach IT. The cloud has brought promise of financial and business benefits including reduction in IT capital and operational expenditures. Yet, as with any new technology, cloud computing has been associated with a number of security risks.
While the cloud continues to evolve and address these security & compliance requirements, organizations are left to wonder if cloud computing is a boon for IT value optimization or bane for enterprise risk management. What should be considered, however, is that amidst the backdrop of the current security risks, there are also a number of security and risk management benefits that the cloud can offer.
Opportunities are the Face of Risks
Many of the security risks associated with cloud computing are not unique to the cloud due to the nature of the underlying infrastructure. The cloud can be exposed to risks from poorly defined and implemented policies and procedures, flaws in infrastructure security, physical & environmental security, disaster recovery, personnel security and IT operational security. The cloud can bring new dimensions to some of these existing threats while also introducing new risks.
Some of the inherent risks are related to data theft, leakage or destruction due to co-location of data, spread of malicious activities and malware infections to multiple customer environments. However, there is also the risk of choosing a low-grade service due to cost limitations. Since cloud is a utility model, cloud consumers may have the tendency to sacrifice security features and offerings in order to reduce the costs further, putting themselves in jeopardy.
Another major challenge commonly found is security awareness among the staff of a cloud provider that has its presence in multiple countries. In these instances, users may find that a provider's culture, perception of risks and needs for security and privacy vary with local regulations, or the lack there of. The cloud needs to have 24x7 operations to service customers across the globe, and must offer the optimal value to its customers by dynamically pooling and allocating resources, depending upon peak usage & traffic patterns and time of day. The cloud is meant to be in motion constantly and so is your data.
In a typical outsourcing situation, it is easier to locate data within networks of a selected vendor and restrict access to the data. Verifying vendors' compliance with the contractual requirements and local regulations regarding data protection, etc., are relatively less challenging when compared to a cloud environment where it is hard to restrict the movement of one's data.
Cloud's Security Benefits
Keeping data on-premises was once considered the safest way to go. Now, however, moving data outside has turned out to be an opportunity for substantial bottom-line growth, and enhanced business agility for new products & services, and time to market. In addition, the cloud can offer the opportunity to offload operational security administration such as patching, log reviews, user administration, device administration, back-ups and so on. The cloud can also bring about reduction in the number of human resources required for operations, security, audit and compliance functions. In essence, the cloud is very attractive for those that are accountable for IT value optimization and maximization.