By implementing some fairly basic security protocols and trusting cloud computing service providers to utilize available resources to ensure proper encryption and access control on their end, companies can greatly minimize their exposure to insider risks (Durkee, 2010). This trust is in and of itself a risk, however, and the lack of direct control presents an unavoidable risk in cloud computing.
A recent case that is both highly unique and highly extreme in many of its details highlights many of the specific problems that are encountered with cloud computing networks and their inherent dependence on off-site and external systems, equipment, and personnel. Last year's flooding in Thailand forced many companies to move to cloud computing options for their data storage and communication needs as well as for many ongoing operations, as on-site data centers and other hardware become inoperable due to rising water levels and power interruptions/other infrastructure problems (Sambandaraska, 2012). The immediacy and the totality of the switch that became necessary for these Thai companies, migrating their networking dependencies from in-house traditional systems to cloud systems provided by off-shore companies, not to mention the forced nature of this transition as cloud computing presented the only option to these companies other than shutting down and potentially losing all of their data, brought several key problems quite quickly and pressingly to light (Sambandaraska, 2012). Controlling the amount of data flowing through the network is necessary to eliminate or at least limit accidental data loss, service interruption, and other technical problems that constitute insider threats; ensuring that proper understanding and adherence to protocol is utilized within the business organization by both management and personnel when such changes are made; and a host of other issues are still being confronted by these businesses (Sambandaraska, 2012). Ongoing attention to Thailand could prove very fruitful in understanding and addressing similar problems elsewhere.
Aside from the directly technical aspects of network security control, the ethical, legal, and financial aspects of implementing security measures are a highly important though less scrutinized aspect of cloud computer networks (Gold, 2012). When examining the costs of cloud computing, the liabilities to clients and consumers, the expense of insurance against these liabilities, and the legal implications and disclosures that must be made and that might cause consumer backlash must all be considered (Gold, 2012). There is a great deal of efficiency and cost-effectiveness to be gained by transitioning form traditional networks to a greater dependency on cloud computing, but there are also many costs associated with this that transition that must be carefully considered, and not all of these costs come in the direct form of adopting and implementing the technologies themselves (Gold, 2012). With these additional costs and complexities arising in addition to the technical threats that insiders present to a cloud computing network, the decision to transition becomes all the more difficult.
Cloud computing is unquestionably the way of the future, and as more companies reduce their own expenses and increase efficiency by making such transitions those that remain behind will find themselves unable to compete in a few years. It is for this reason that so much research has been generated in recent years when it comes to cloud computing generally and security in cloud computing specifically. At the same time, not enough research has been conducted when it comes to specifically addressing insider threats and the cost of controlling security threats in cloud computing, and the need for businesses to transition to the cloud makes the need to expand current literature in this area quite pressing.
Durkee, D. (2010). Why cloud computing will never be free. Communications of the ACM 53(5): 62-9.
Gold, J. (2012). Protection in the cloud. Internet Law 15(12): 23-8.
Qaisar, S. & Khawaja, K. (2012). Cloud Computing: Network/security threats and countermeasures. Interdisciplinary Journal of Contemporary Research in Business 3(9): 1323-9.
Reddy, V. & Reddy, L. (2011). Security architecture of cloud computing. International Journal…