How does an enterprise correctly understand the risks of cloud computing?

Understanding the risks of cloud computing is the key to protecting cloud-centric businesses. In this article, Ravila Helen White explains three essential elements of cloud computing risk.

The rapid development of cloud computing has also brought many benefits to companies trying to refocus on key business goals, such as increasing the speed of product listings, increasing the competitive edge of companies, and reducing capital and/or operational costs.

Typically, investing in cloud computing technology, such as software as a service [note] (saas[note]) or infrastructure as a service [note] (iaas[note]), can reduce the service requirements for traditional information technology departments within the enterprise. Services that are managed by enterprise business units (such as training, human resources, payroll, and healthcare management) will also be phased out as cloud computing is used.

While investment capital and operational costs have decreased, the risk of cloud computing for information brokers in dark networks has increased. These malicious organizations will trade and sell all information, including personal identity, financial information and even intellectual property.

In the traditional sense, only the information stored inside the company is safe, so implementing cloud computing inevitably increases the risk of information disclosure. In addition, those who specialize in information intermediaries also make cloud-computing providers their target, because they have a good understanding of the information they control. In order to manage cloud computing risk, it is important to first understand what the risk is.

The ins and outs of cloud computing risk

The so-called risk, that is, we do not want the occurrence of the probability of events. In the area of information security, risk is the probability of a malicious or non malicious exposure to confidential information events, or threats to data consistency, and interference with system and information availability events. Any organization connected to the Internet is at risk, and they should consider the resilience of dark networks and the ability to expand private cloud [note] Computing and public cloud computing networks. Data exchange is legal and illegal, and an enterprise's Internet access provides an information transmission loop for legitimate data exchange (such as email, VPN, FTP, etc.) and hostile data exchange such as malware, information gathering and eavesdropping.

Hostile data exchange is not a data exchange that an organization or even an individual would like to have. Typically, the result is waiting for recovery downtime, loss of revenue, loss of data, impact on human capital, and related reputational damage. If an organization is a member of a regulated industry, the organization may be penalized for the cause of the hostile event. Even if companies are not penalized, they cannot afford the serious consequences of loss of customers and loss of confidence in business partners as a result of a security scandal.

All along, cloud computing has been advocating that we can do better and cheaper. You focus on your core business issues, and we manage your technology more cost-effectively and protect your data. While this may be true, cloud computing providers are facing the same challenges as other companies. Given its special business model, cloud computing providers may face more challenges than a typical enterprise. For example (+ micro-credit focus on the web world), cloud computing providers may cater to a niche industry such as credit card industry. If everyone knows that the cloud-computing provider has access to all the credit card information held by customers, it will be the target of a dark information broker. A successful hacker might benefit from an information broker peddling a customer identity or credit card or making a forged credit card.

The risk for cloud-computing providers is also among customers using cloud computing services. Regardless of the number of physical, logical, and virtual isolation and segmentation of the customer, the cloud infrastructure shares common energy, hardware, applications, and network resources. When a cloud computing service provider provides SaaS services, it trusts enterprise users and lets users ensure their user IDs and passwords are secure. Similarly, computing resources for accessing SaaS must also be secure. If an enterprise user is compromised, such as a user ID and password, a seasoned information collector might be able to access the SaaS application and determine how to access other customer data. In an instant, the confidentiality, integrity, and usability of other corporate users ' cloud computing environments are at risk.