25 Risks With Cloud Computing

Biz Tech Tips, archive.

What Cloud Computing Risks Are Out There?

Before I get started, it should be noted that all of the following risks have actually occurred. Not only that, but they have also occurred within larger and reputable cloud computing companies.

Technical Risks:

First we'll talk about technical risks:

1. Distributed Denial of Service Attack vulnerabilities: the cloud service gets bombarded and goes down, and you get shut out of your data as a result

2. Economic Denial of Service: where the easy scaling creates a big bill that you can't pay and gets you locked out; or a SaaS company you utilize grows too quickly and is using AWS or another cloud provider and they can't pay their bill, still effectively hurting your business

3. Cloud resources are exhausted/limited

4. Failure to isolate data from separate tenants: data sometimes gets mismanaged and your data becomes available to somebody else using the same cloud service, or vice versa

5. Malicious insider at the cloud provider: a disgruntled employee may do something just to get back at the cloud provider

6. Data gets intercepted in transit: maybe your data is safely stored in the cloud provider's servers, but what about when it's in transit from you to them? The provider usually says that's all on you too, even though they may not offer true end-to-end encryption

7. Data leaks once it's in the cloud: your data could get out somehow

8. Loss of encryption keys: many cloud providers force you to use their encryption keys, but on rare occasions, they have been lost or targeted and now all of your data is encrypted with no hope of un-encrypting it.

9. Compromises through the management interface: how you access it or the structure of how the cloud provider lets you access it, could be a weakness

10. Insecure or incomplete data deletion: when something is removed from your computer or from a cloud service, it does not mean that a skilled person could not piece things back together. Your data is essentially a bunch of 1s and 0s and until it gets overwritten, all or parts of it could potentially be recovered

Next are organizational risks:

1. Difficulty/impossibility to switch vendors: if it becomes a whole expensive project to switch away and you can't afford the time or the money, you're effectively stuck

2. Compliance challenges: are you able to meet the regulatory demands of your business through whatever configurations are made available to you?

3. The cloud provider fails or terminates its business: if the business goes under it rarely lets you know in advance or gives you access after the fact

4. The cloud provider is acquired: the changing and merging of company structures enhances the chances of any of the above happening

5. Failure somewhere in the supply chain: maybe it's not the cloud provider themselves, but maybe they have 3rd party vendors who manage the servers or other critical aspects and that 3rd party falls short

Legal risks include:

1. Subpoenas on a co-tenant: you're essentially sharing computers with people and if another person on that cloud services stored something that might be used in a court case, authorities could secure the whole server

2. Changes of legal jurisdictions: this means a change in rules and a change in structure. This may cause downtime or just not be favorable to you in general

Other general risks include:

1. Network outages: if your network or the cloud vendor's network goes down, you're in trouble

2. Network mismanagement: maybe it doesn't go down, but it isn't scaled properly or maintained properly and problems arise from that

3. Social engineering attacks: this is where attackers target the human aspect of the business and try to get access they shouldn't be able to get. Maybe they call in pretending to be a customer trying to recover their password, or a number of other things, that compromises your data

4. Loss or compromised operational logs: this is essentially loss of documentation and it could lead to everything from network mismanagement to an inability to find or service you

5. Loss or theft of equipment: computer equipment is expensive and may be targeted for that reason and not because of what is stored on it. What if it gets stolen, lost, or damaged in some way?

6. Loss or theft of data: someone could actively be targeting your data, or through mismanagement lead it to be unrecoverable and lost somewhere in their server farm

7. Unauthorized access to premises: someone could break into the physical property and damage or steal something that affects your business' cloud operations

8. Natural disasters: earthquake? Snowed out? Rainstorm leading to power outage? All of these could spell disaster for your company and its data

Now, none of this is to say that the cloud is bad or that I'm against the cloud. But, it's not nearly as clean and worry-free as you might assume. Having good backups, even of cloud data, is never a bad idea and helps curb the risks associated with lots of these potential issues.

But, that's all I've got for you today. Let me know if you have any questions.