Top 10 Enterprise Risks for Cloud Computing
By Dipankar Das, Gaea News Network
Thursday, April 29, 2010
Cloud computing represents one of the most significant turns in information technology. Customers are both excited and nervous about the prospects of cloud computing. They are excited by the opportunity to reduce capital costs, and by the chance to outsource their infrastructure management and focus on core areas. However, customers are also very concerned about the risks of cloud computing if it is not properly secured, and about the loss of direct control over systems for which they are not accountable. This article concentrates on the top 10 concerns for cloud computing at the enterprise level.
- Because sensitive data is processed outside the organization, some inherent risk is always present. The outsourced company bypasses the physical, logical and personnel controls that the organization may have in house. It is a good idea to get as much information as you can about the people who manage your data.
- When you use a cloud service, you don’t know where your data resides. It may be in a country other than the one you live in. Ask your provider whether they can store the data at a specific location. Gartner also advises having a contractual agreement with the provider so that they obey local privacy requirements on behalf of their customers.
- Customers are responsible for their own data, even though it is kept by the service provider. Gartner further advises that it is wise to know whether your provider is subject to external audits and security certifications. If the answer is “NO”, it may not be advisable to keep sensitive data with that provider.
- Even if you do not know the location of your data, the service provider should tell you what will happen to your data and service in case of a disaster. “Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure,” says Gartner. Ask your provider ahead of time whether they will be able to restore your data completely and how long it will take.
- Your data may be stored alongside the data of other customers. Encryption is essential in such a situation. Find out how the data are going to be isolated. An encryption accident may make your data unusable. Your provider should tell you whether the encryption is tested by a specialist.
- Most cloud service providers force customers to rely on a single platform or host only one type of product. For example, Amazon Web Services is built on the LAMP stack, and Google App Engine uses a proprietary format. If you need multiple platforms, you have to use multiple clouds, which is difficult to manage.
- A provider may not disclose how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance. Sometimes little attention is paid to the hiring standards and practices for cloud employees. That can create an opportunity for cyber criminals and organized crime. They may obtain access to confidential data in order to gain further control of cloud services without fear of being detected.
- Customers manage and interact with cloud services through a set of interfaces (APIs). Provisioning, management, monitoring and so on are all done through these APIs, so the security of these APIs is crucial. From authentication and access control to encryption and activity monitoring, these interfaces should be designed to protect against both accidental and malicious attempts.
- An example of data loss is the deletion or alteration of records without a backup of the original content. Due to the architectural or operational characteristics of the cloud environment, the threat of data compromise increases in the cloud.
- Account hijacking is significantly on the rise nowadays. The attack may involve phishing, fraud or the exploitation of software vulnerabilities. If an attacker gains access to your credentials, they can get hold of your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. They will use your service as a new base.