Risks associated with Cloud Computing Applications
Sourav Mukherjee
Cloud and OnPremise Database Administrator/Architect, DevOps, SQL Server, MySQL/Aurora/MariaDB, PostgreSQL, MongoDB, Automation, Azure & AWS Cloud Architect in Target, PMP
Cloud computing is here, and almost every organization is using it in some way, shape, form or method. It is most certainly transforming the way small and medium businesses (SMBs), and businesses in general, use IT. Cloud computing has in fact permitted businesses to access high-end technology and information at an inexpensive price. With the boon of the technology, SMBs can access new technology and broader resources without paying the premium price it would have cost them earlier.
According to Monica Crocker and Smallwood, there are 8 common risks that businesses face with cloud computing, along with some thoughts for addressing such concerns.
· Information loss: If information is deleted or altered without a clean backup of the data having been taken, it may be lost forever. Information might also be lost by becoming delinked from its proper indexes. In addition, storing data or documents on unreliable media may cause the loss of sensitive data. Lack of training on the cloud can also lead to users compromising sensitive data, and the system may become a haven for intruders.
· Information Breaches: Because of the architectural or operational nature of the cloud environment and its design, the chances of data breaches are higher. Several recent examples show that cloud design is the prime cause of many information breach incidents.
· Insider Threats: It is important to know how the cloud provider secures the data center and how the entry and exit of employees are managed in the data centers. How are background checks performed on the security officers monitoring the building and premises? What are the remedial procedures for any noncompliance events? Such questions need to be clearly understood before adopting cloud technology. There are risks involved in non-compliance with current policies and contractual requirements related to the handled data or business operations. The legal implications of using an external IT provider should be carefully studied.
· Hacking and Rogue Intrusions: A very easy signup process for cloud services may allow hackers to assume multiple identities and carry out malicious attacks. Taking advantage of such anonymous accounts and identities, hackers and spammers can engage in many criminal activities while staying elusive.
· Insecure points of Cloud Connection: Through cloud technology, information flows across networks, between devices, servers, etc. This movement of information drastically complicates the process of securing the environment. It must be protected at the point of origin, the point of receipt, the device through which it transmits, and so on. APIs (Application Programming Interfaces) must be thoroughly tested to ensure that they are secure and follow the appropriate policies and procedures. It is entirely possible that a malicious third party could piggyback value-added services on APIs, resulting in a layered interface that is more susceptible to security breaches.
· Issues with Multitenancy and Technology Sharing: It is an absolute necessity to deploy security enforcement and monitoring of all shared computing resources. Solid partitioning across guest operating systems, popularly known as compartmentalization, must be developed so that one client's activity does not interfere with others running on the same cloud provider.
Cloud user organizations need to balance supporting modernization in the cloud with having a risk-based governance structure that includes policies, procedures, and personnel. Saying no to the vast potential of cloud solutions may also lead to unrestrained shadow IT. Information security, risk management, and internal audit divisions can help their organizations understand and exploit the benefits of the cloud while balancing risk rather than deterring the process. Increasing cloud practice, along with the rising maturity of CASB (cloud access security broker) solutions, has motivated greater enterprise acceptance of CASBs. Today, CASB is a critical component of the enterprise security stack. Gartner predicts that by 2022, 60% of enterprises will be using a CASB to secure their cloud applications.
Reference
Robert F. Smallwood (2014). Information Governance: Concepts, Strategies, and Best Practices. Hoboken, New Jersey: John Wiley & Sons, Inc. (pp. 291-295).