7 deadly sins of cloud computing
Increasing your use of cloud computing? Great! Making these common security mistakes? Not great!
By David Geer
Often cloud service providers will attend to the basic levels of security in-house and depend on automated security applications and platforms to fulfill the bulk of their security practices.
Other cloud providers may outsource higher levels of security that are outside their core expertise to third party providers. But the security services of these third party providers may not be included in the contractual requirements and SLAs that the cloud provider shares with the customer.
"You have to require the service provider to maintain specific security functions, document security tasks, and provide copies of all security policies and practices as well as security reports," says Irvine.
Failing to understand the costs.
When cloud providers put their wares on display, they often showcase basic offerings for the sake of cost comparisons by potential customers.
"Unfortunately, after engaging a service provider, companies frequently determine that additional services, software licenses and even hardware licenses are required to perform all the IT tasks to which the business has grown accustomed," says Irvine. Security costs and those related to compliance (and, significantly, the documentation of that compliance) can similarly rise.
Companies underestimate cloud costs even further due to an unrealistic expectation as to the number of internal IT resources that they will need after pushing applications to the cloud.
"Depending on the type of cloud service being offered (SaaS, IaaS, PaaS), the number of resources required internally may not change at all. In fact, many of our clients who engage in cloud computing have no decrease in the internal IT department at all," says Irvine.
In any case, the likelihood that a company will outsource 100% of its applications and systems into the cloud is minimal. Even businesses that push many of their systems to a cloud solution still have requirements for internal infrastructure and workstation engineers. "As a result, IT department costs are only minimally affected," says Irvine.
Read more about cloud security in CSOonline's Cloud Security section.