Cloud Computing
Assessing the Risks of Cloud Computing
Despite the many economic advantages of cloud computing, there are just as many risks, both at the information technologies (IT) and strategic level for any enterprise looking to integrate them into their operations. The intent of this analysis is to evaluate three of the top risks of cloud computing and provide prescriptive analysis and insight into how best to manage each. Despite widespread skepticism of cloud computing with many Chief Information Officers (CIOs) and senior executives, its value continues to re-define the enterprise software industry with projections of between 17% to 22% growth through 2015, becoming a $15B segment of the software industry (Blumenthal, 2011). The three top risks of cloud computing include data security and access, data segregation, and regulatory auditing and compliance (Blumenthal, 2011). As many cloud computing platforms are on open source-based operating systems including Linux, security is exacerbated by the reliance on low-cost, often highly egalitarian-designed platforms (Aslam, Ullah, Ansari, 2010).
Analysis of Cloud Computing Risks
The three top risks of data security and access, data segregation and regulatory auditing and compliance of a cloud computing partner taken together form the majority of risks enterprises face when moving to a cloud computing platform. Data security and access refers to the entire spectrum of security, from the physical access to the servers, stability from harm or destruction as a result of environmental factors including earthquakes and severe weather, and the physical security of the server room sand locations. Even more important is the software-based security that must begin at the infrastructure layer of cloud computing platforms, often called the Platform-as-a-Service (PaaS) functions of the overall cloud computing model (Vaquero, Rodero-merino, Moran, 2011). The PaaS component of...
This type of security can be achieved by a very thorough analysis of inbound and outbound ports of servers, the definition of authentication keys and pervasive use of firewalls and other deterrents to unauthorized access (Rodero-Merino, Vaquero, Caron, Muresan, Desprez, 2012). Data security and access must also be managed to the role level of any organization to be effective (Walters, 2010). This translates into the need for managing each and every account that has access to the cloud-based systems and resources on a role-based profile that delineates which items they have access to or not (Walters, 2010). Data security and access strategies must be also enterprise-wide, ensuring systems integrated to the cloud architecture are also protected from a systems- and role-based access to ensure the highest level of security possible. All of these considerations are often defined in an enterprise security management plan or strategy (Walters, 2010).
The second significant risk is data segregation, or the lack of data orthogonality in the inherent structure of cloud computing platforms. Many CIOs and senior management teams are very concerned about this risk, given the early failures of the Amazon Web Services (AWS) architecture to support true multitenancy and lock down specific memory and disk locations to protect one accounts' data from another (Rodero-Merino, Vaquero, Caron, Muresan, Desprez, 2012). Amazon Web Services customers at one point were able to see each others' data, even though they were assured their individual accounts had multitenancy included. Amazon promptly redesigned their entire Web Services architecture to make sure that level of security error would never happen again (Newcombe, 2009). Just the exposure of other account data across the Amazon Web Services complex however made many CIOs and senior…
