Cloud computing optimizes the procurement of IT services, whether through internal or external suppliers. The reason is simple: cloud computing provides remote services in a standard way. From multi-tenant shared applications (public cloud) to a single user's virtual server (private cloud), cloud services are diverse and not limited to a single model.
One of the big advantages of cloud computing is that cloud service providers can offer better services at lower prices. Thanks to its large operational scale, a cloud provider can attract highly skilled employees and acquire state-of-the-art technology and the other essential elements needed to provide security services. In general, large cloud providers are more likely than small and medium-sized organizations to offer more secure, higher-quality services at lower prices.
As we all know, the public cloud provides applications shared by multiple users, while the community cloud is limited to specific groups (such as governments or medical institutions) whose membership is tightly controlled. As a result, community clouds retain many of the advantages of cloud scale while reducing the risks associated with "rent-for-hire". A private cloud provides applications and infrastructure for a specific organization, allows it to outsource management of its IT infrastructure, and gives it tighter control over resource location and management. But because private clouds have less potential for economies of scale, deployment costs may be higher than in the public cloud. In addition, a private cloud may be less resilient if it is constrained by available resources.
The information security risks associated with cloud computing depend on the service and delivery model, and the specific risks depend on the organization's individual needs. Common security concerns relate mainly to the confidentiality, integrity and availability of services and data.
From a customer's perspective, the best way to manage risk is to start with due diligence. Specifically, this means ensuring that cloud service providers fully understand customer needs, properly assess risk, and control conformance to service level agreements (SLAs).
Some of the most basic information security issues are summarized below. Because cloud computing covers a wide range of features, the priority of these issues will depend on the model employed and on individual circumstances.
• Compliance: Based on the applicable laws and regulations, determine the business's compliance requirements. Also, make sure that the cloud service provider knows how to meet these requirements.
• Service location: Determine the legal constraints on the geographic location of the cloud service provider, services, and data, and ensure that the issue is properly addressed in the service contract.
• Data security: Identify and classify data to be migrated to the cloud, and set specific security requirements for confidentiality, integrity, and availability. Ensure that the ownership of the data is specifically covered in the contract.
• Availability: Identify the availability requirements of the service and ensure that your provider is able to meet them. Don't forget to take control of the intermediate infrastructure and equipment yourself.
• Identity and access management: Set specific requirements for identity control and access management, and for secure delivery.
• Insider abuse of privilege: Ensure that the cloud service provider has dedicated processes and technologies to properly control privileged access and thus prevent data disclosure.
• Internet threats: Identify the required level of protection against internet-based threats to ensure adequate security from both the cloud provider and the enterprise.
• Monitoring: Separate monitoring data between different users to ensure that both business and legal requirements are met.
The key to adopting cloud computing securely and realizing its benefits is to have a good set of IT governance tools, such as COBIT. COBIT can provide you with the following guidance:
• Identify specific requirements for cloud-based solutions.
• Further identify governance requirements as needed. Some applications may be more important than others.
• Establish solutions to better understand security risks and vulnerabilities, and to determine risk response patterns based on management requirements. Risk IT, based on the COBIT governance framework, is an ideal IT risk framework.
• Understand the specific content and coverage of the certification and audit reports provided by the cloud service provider.
Cloud computing has succeeded in reducing enterprise costs by providing alternative solutions for procurement and IT service delivery. In fact, many organizations have adopted outsourcing models for non-core internal functions, such as IT. However, during the transition to the cloud, risk considerations are critical. Likewise, good governance is what guarantees the smooth development of cloud computing.