When you keep the data in local storage i.e. hard drive, then you can access it only from your computer. But this does not happen in the context of Cloud Computing. You can access data or programs stored on the Internet from anywhere.
Due to its many features, cloud computing is one of the most popular technologies nowadays and its use is also increasing rapidly. As the time is progressing, in the same way some new technology is being invented every day. If we want to walk step by step with the world, then it is necessary for us to know about these latest technologies.
Cloud Computing is the technology in which various types of services are provided using the Internet. These services can be anything, whether it is some kind of software or storage space is to be given on the server or any other service.
Types of cloud services
- Infrastructure as a Service (IaaS) – This service provides on-demand access to IT infrastructure. This includes the storage, network, and computers that run your workloads. As a Businessman user, you can request for IT Services and pay only for those services which you are using.
- Platform as a Service (PaaS) – It is a cloud base environment that you use to develop, test, run and manage applications. This service includes web server, dev tools, execution runtime and online database. In this you can work fast and release the application quickly.
- Software as a Service- (SaaS) – The most common form used by small businesses. This involves the use of software hosted on a remote server. It runs applications through your web browser and saves, retrieves or shares files stored outside your business.
Here are the following top 7 risks and their remediation which are associated with Cloud Computing Environments:
1. Elevated user access
- Risk – Any data processed outside the organization brings with it an inherent level of risk, as outsourced services may bypass the physical,logical,and will have elevated user access to such data.
- Remediation – Customer should obtain as much information as he/she can about the service provider who will be managing the data and scrutinizing vendor’s monitoring mechanism about hiring and oversight of privileged administrators, and IT controls over the access privileges.
2. Regulatory compliance
- Risk – Cloud computing service providers are not able and/or not willing to undergo external assessments. This can result into non-compliance with various standards/ laws like the US government’s Health Insurance Portability and Accountability Act (HIPAA), or Sarbanes-Oxley; the European Union Data Protection Directive or the credit card industry’s Payment Card Industry Data Security Standard (PCI DSS).
- Remediation – The organization is entirely responsible for the security and integrity of their own data, even when it is held by a service provider. Hence, organization should force cloud computing service providers to undergo external audits and/or security certifications and submit the report on periodic basis.
3. Location of the data
- Risk – The organizations that are obtaining cloud computing services may not be aware about where the data is hosted and may not even know in which country it is hosted.
- Remediation – Organizations should ensure that the service provider is committed to obey local privacy requirements on behalf of the organization to store and process the data in the specific jurisdictions.
4. Segregation of data
- Risk – As the data will be stored under stored environment, encryption mechanism should be strong enough to segregate the data from other organizations, whose data are also stored under the same server.
- Remediation – Organizations should be aware of the arrangements made by the service provider about segregation of the data. In case of encryption mechanism, the service provider should display encryption schemes and testing of the mechanism by the experts.
5. Recovery of the data
- Risk – Business continuity in case of any disaster-availability of the services and data without any disruption. Application environment and IT infrastructure across multiple sites are vulnerable to a total failure.
- Remediation – Organization should ensure the enforcement of contractual liability over the service provider about complete restoration of data within stipulated time frame. Organization should also be aware of Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) established by the service provider.
6. Information security violation reports
- Risk – Due to complex IT environment and several customers logging in and logging out of the hosts, it becomes difficult to trace inappropriate and/or illegal activity.
- Remediation – Organization should enforce the contractual liability toward providing security violation logs at frequent intervals.
7. Long-term viability
- Risk – In case of any major change in the cloud computing service provider (e.g., acquisition and merger, partnership breakage), the service provided is at the stake.
- Remediation – Organization should ensure getting their data in case of such major events.
How did you like this article? Do tell us by writing a comment so that we too get a chance to learn something from your thoughts and improve something.