“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources like networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service provider interaction”.
Source: The NIST Definition of Cloud Computing, Version 15, 10-7-09, National Institute of Standards and Technology, Information Technology Laboratory
Cloud computing is the new mantra in most of the organizations but is Cloud computing new? Personally, I believe it has been there ever since Internet email has been available. Yahoo, Hotmail, AOL etc. in their heydays were a basic cloud computing model. However, the evolution of cloud computing has taken root only in the last few years what with storage becoming cheaper and Internet access exploding globally. Now they are able to support Enterprise applications and business processes out of the cloud environment.
The lure of cloud computing and the benefits it brings is illustrated in the graphic below.
Security Risks in Cloud Computing:
As with any new shift in computing methods, even Cloud computing has it’s share of risks. Some of the key risks of Cloud Computing are listed down below:
|Geography||Given various countries and various regulatory authorities, controls for supporting appropriate cross border data views and use must be maintained|
|Defining ownership, custodianship, processing & use rights and obligations||Clearly establish rights and obligations associated with data assets. Often rights and obligations are dependent on the physical location of the data owner, custodian and user. Designing and implementing effective controls to support appropriate rights and obligations may be complex|
|Multi-tenancy||In a multi-tenant cloud environment,users may access shared resources, possibly gaining unauthorized access to other tenants. This may have less risk in a private cloud, but more risk in a public cloud|
|Security||If one of the cloud servers get compromised, will it lead to compromise of the other servers in the shared infrastructure? Public cloud may have an increased attack surface compared to the private cloud, however, any compromise .|
|Data Loss||On transient systems, a cloud vendor provider instance failure may lead to permanent loss of system information including system configuration and data stored locally. The concept of a “disposable” server also adds to the risk of loss of data and system information.|
Tackling the Security Risks:
Based on the risks listed above, the various controls that can be considered in tackling them are listed below:
|Privacy and data protection||
|Security incident response||
|Data Leakage or Loss||
Cloud computing is here to stay and it is important that we understand the security risks and some potential controls that can be implemented when moving to cloud. This post is a primer to what Cloud computing is and what are the various security challenges presented by it. Let me know your thoughts on this