What is Cloud Computing?
Cloud computing is defined as the use of a collection of services, applications, information and infrastructure composed of pools of computer, network, information and storage resources. These components can be rapidly orchestrated, provisioned, implemented, decommissioned and scaled up or down, providing for an on-demand, utility-like model of allocation and consumption.
- On-demand self-service
- Standardized IT-based capability
- Rapid elasticity
- Web-based accessibility and flexibility
- Location-independent resource pooling
- Scalability and resilience
- Priced on a consumption-based model
- Ubiquitous network access
Cloud computing continues to be a rapidly growing, volatile and immature market that is full of cloud service providers (CSPs) with varying degrees of service types and quality. The cloud computing market is driven toward a bifurcated market of "enterprise-grade" cloud services to shore up these issues and "commodity-grade" cloud services to host less critical applications but maintain or even lower service prices. Cloud computing services and the applications that cloud platforms underpin generate a lot of data, which in turn requires cloud services and applications to make sense of it.
Managing the Shift
Chief information officers and chief technology officers must manage this shift under mounting regulatory pressure and growing concerns about data security and privacy, while simultaneously managing complex and aging legacy infrastructure in a “do more, faster, with less” environment. By placing cloud adoption at the center of a renewed business and IT strategy, firms can capitalize on efficiencies and drive business success. The challenge, of course, is formulating a comprehensive adoption strategy. Protiviti breaks this strategy down into four components:
- Strategy — Deploying the right application on the right architecture is not as simple as migrating existing applications to the cloud. There are several strategic considerations to evaluate, including architecture, governance, readiness and platform integration with legacy systems.
- Implementation — Implementation and day-to-day management of cloud operations should be owned by the organization’s service operations function to ensure timely issue resolution and minimal disruption of the technology stack (infrastructure, platform, applications). Considerations should include risk management, capacity and operational excellence, and vendor selection.
- Service Assurance — A cloud migration is an excellent time for business process improvement. Legacy applications may not be ready for cloud deployment. Care must be taken to ensure a seamless customer experience, and the IT function will need to adapt to a new role of “service broker,” capable of navigating between cloud and non-cloud platforms to deliver the best possible service to end users.
- Security — There is a notion that cloud deployment means lower security. Security is certainly a major concern, but it is also a differentiator among cloud service providers. During vendor selection, it is important to vet candidates for data security and privacy safeguards, access management, and compliance with company standard policies and procedures as well as industry-specific regulations and incident management practices.
Common Risks Associated with Cloud Computing:
Loss of Governance — Using cloud infrastructures, the client necessarily cedes control to the cloud provider (CP) on several issues which may affect security.
Management Interface Compromise — Customer management interfaces of a public cloud provider are accessible through the internet and mediate access to larger sets of resources than traditional hosting providers, and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities.
Incomplete or Insecure Data Deletion — When a request to delete a cloud resource is made, as with most operating systems, this may not result in true wiping of the data. Adequate or timely data deletion may also be impossible (or undesirable from a customer perspective), either because extra copies of data are stored but are not available, or because the disk to be destroyed also stores data from other clients.
Data Protection — Cloud computing poses several data protection risks for cloud customers and providers. In some cases, it may be difficult for the cloud customer to effectively check the data handling practices of the cloud provider and thus be sure that the data is handled in a lawful way.
Malicious Insider — Though less likely, the damage which may be caused by malicious insiders is often far greater. Cloud architectures necessitate certain roles which are extremely high-risk.
Isolation Failure — This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants (e.g., so-called guest-hopping attacks).
Compliance Risks — Investment in achieving certification (e.g., industry standard or regulatory requirements) may be put at risk by migration to the cloud.
For more information on cloud computing, check out the following resources: