The Lighter Side Of The Cloud: Disaster Recovery Plan
The Lighter Side Of The Cloud – iPatch
The Lighter Side Of The Cloud – Private Cloud
The Lighter Side Of The Cloud – Falling Behind
The Lighter Side Of The Cloud –  Size Matters

Methodology Of Cloud Computing Risk Assessment

Methodology Of Cloud Computing Risk Assessment

A Break in the Cloud’s Silver Lining

Though cloud computing is considered as the new paradigm of computing, it should not be considered as a new technology but merely a new implementation or application of existing technology, specifically networking and telecommunications technology. So this brings with it some inherent security risks, with some security experts stating that “the economies of scale and flexibility (that cloud computing brings) are both a friend and a foe from a security point of view.”

When your application and data is streamed half way around the world from your geographical location, there is a risk that whatever data is traveling may be intercepted by a third party with malicious intent. And as data and resources are massively concentrated virtually or literally, this creates a very attractive target for attackers. But cloud-based defenses can also be made to be robust, scalable and cost-effective. That is the goal that the ENISA working group had in mind when they drafted the Methodologies for Cloud Computing Risk Assessment.

Methodology for Cloud Risk Assessment

Because of the inherent risks associated with cloud computing, an ad-hoc working group within the European Network and Information Security Agency (ENISA), the European Union’s center for excellence in network and information security, made an assessment of the benefits and security risks that are present in cloud computing. Then the group gave recommendations on how to mitigate these risks and enhance the benefits of cloud computing.

The working group responsible for the risk assessment also determined a methodology which allows direct comparison between items that enable organizations to perform their own risk assessment and risk management of cloud services and infrastructure. The purpose of which is:

  • To be able to determine the most appropriate risk assessment and management items that an organization may use depending on their situation like which business sector they belong to, the size of the organization, culture, regulation requirements, the sophistication of their risk approach, and their available resources.
  •  To enable a direct comparison between risk assessment and management items in order to achieve a better understanding and permit expert advice on their suitability for use in the given situation of the organization.

The methodology considers the process of risk assessment and management items and together with their inputs and outputs, scores them against set benchmarks that were determined by the group. Depending on the nature of the organization, their business, and their geographical location which determines regulatory processes, they can determine their overall requirements for risk assessment and risk management (RA/RM) by considering and listing down a number of “use cases” and then determining the RA/RM requirements based on that. The organization then assign scores to their processes based on the benchmarks which results in an alignment profile created using a radar chart. It is recommended that individual organizations produce their own ideal alignment profile on which they may compare the score of their profile against.

All the recommendations and methodology are on a document that can be downloaded from ENISA’s website: http://www.enisa.europa.eu.

Conclusion

The importance of assessing and managing the risks that comes with cloud computing is very important so that an organization’s cloud computing foray may return positive rewards. If this was neglected and the organization jumps in blindly, they may not achieve the full potential of cloud computing and may not be able to cope with the risks involved.

By Abdul Salam

Abdul

Abdul Salam is IT professional and an accomplished technical writer with CloudTweaks. He earned his undergraduate degree in Information Technology followed by a postgraduate degree in Business Informatics. Abdul possess over 3 years’ experience in technical & business writing with deep knowledge in Cloud Computing, VMware,Oracle, Oracle ERP, Cloud ERP, Microsoft Technologies and Network Communications (Cisco, Juniper). Visit his LinkedIn profile at: http://linkd.in/TtFu7X

3 Responses to Methodology Of Cloud Computing Risk Assessment

  1. Although still needs improvement, Cloud technologies is the future. We won’t need any storage or hardware for doing things but all are done byt the cloud technology.

Recent

Mobile Connectivity Rises – 24 Billion Networked Devices By 2019

Mobile Connectivity Rises – 24 Billion Networked Devices By 2019

Mobile Connectivity Rises Mobile Technologies such as BYOD, Wearable Technology and Internet of Things are the cornerstone to strong cloud computing adoption and will continue to be the case as the number of connected devices continue to climb. In May 2015, Cisco released the complete VNI Global IP Traffic Forecast, 2014 – 2019. Global highlights…

9 Pitfalls of Providing Cloud-Based Online Government Services

9 Pitfalls of Providing Cloud-Based Online Government Services

Cloud-Based Online Government Services Pitfalls When the US government designed the Affordable Care Act, a key part of the program was to encourage enrollment through the Healthcare.gov website. This online service was supposed to make it easier for citizens to learn about the ACA, compare their health insurance options, and take full advantage of this…

IOT, Intelligent Sensors, And The Change That Is Coming…

IOT, Intelligent Sensors, And The Change That Is Coming…

Intelligent Sensors And The Future What is or isn’t connected: In the end, that is the internet of things. They, the things, represent stuff that has been around for the past 30 years. It was only recently that we have developed a way to consistently connect those devices. Despite the increasing awareness of IoT, it…

Popular Archives

Cloud Infographic – Interesting Big Data Facts

Cloud Infographic – Interesting Big Data Facts

Big Data Facts You Didn’t Know The term Big Data has been buzzing around tech circles for a few years now. Forrester has defined big data as “Technologies and techniques that make capturing value from data at an extreme scale economical.” The key word here is economical. If the costs of extracting, processing, and making use…

Why Hybrid Cloud Delivers Better Business Agility

Why Hybrid Cloud Delivers Better Business Agility

Why Hybrid Cloud Delivers Better Business Agility A CIO friend of mine once told me that a hybrid cloud model enables him to “own the base, rent the spike” when it comes to unplanned events. Let’s face it – maintaining unused infrastructure for rare or random IT events is expensive and unnecessary in a cloud…

Sponsors

The Many Hats Of Today’s IT Managers

The Many Hats Of Today’s IT Managers

The Many Hats of IT Managers In years past, the IT department of most large organizations was much like a version of Middle Earth: a mysterious nether world where people who seemed infinitely smarter than the rest of us bustled around, speaking and typing languages that appeared indecipherable, yet, which made our world work. They…

Selling Your Business To Your Employees

Selling Your Business To Your Employees

Mobility For Your Employees It may seem a radical notion, the idea of selling your business to the people who work for you, but this is the era in which we now work. Employees of all levels are all incredibly aware of their options when it comes to mobility and employability. This doesn’t mean that…

Established in 2009

CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

CloudTweaks Comic Library

Advertising