Methodology Of Cloud Computing Risk Assessment

Methodology Of Cloud Computing Risk Assessment

A Break in the Cloud’s Silver Lining

Though cloud computing is considered as the new paradigm of computing, it should not be considered as a new technology but merely a new implementation or application of existing technology, specifically networking and telecommunications technology. So this brings with it some inherent security risks, with some security experts stating that “the economies of scale and flexibility (that cloud computing brings) are both a friend and a foe from a security point of view.”

When your application and data is streamed half way around the world from your geographical location, there is a risk that whatever data is traveling may be intercepted by a third party with malicious intent. And as data and resources are massively concentrated virtually or literally, this creates a very attractive target for attackers. But cloud-based defenses can also be made to be robust, scalable and cost-effective. That is the goal that the ENISA working group had in mind when they drafted the Methodologies for Cloud Computing Risk Assessment.

Methodology for Cloud Risk Assessment

Because of the inherent risks associated with cloud computing, an ad-hoc working group within the European Network and Information Security Agency (ENISA), the European Union’s center for excellence in network and information security, made an assessment of the benefits and security risks that are present in cloud computing. Then the group gave recommendations on how to mitigate these risks and enhance the benefits of cloud computing.

The working group responsible for the risk assessment also determined a methodology which allows direct comparison between items that enable organizations to perform their own risk assessment and risk management of cloud services and infrastructure. The purpose of which is:

  • To be able to determine the most appropriate risk assessment and management items that an organization may use depending on their situation like which business sector they belong to, the size of the organization, culture, regulation requirements, the sophistication of their risk approach, and their available resources.
  •  To enable a direct comparison between risk assessment and management items in order to achieve a better understanding and permit expert advice on their suitability for use in the given situation of the organization.

The methodology considers the process of risk assessment and management items and together with their inputs and outputs, scores them against set benchmarks that were determined by the group. Depending on the nature of the organization, their business, and their geographical location which determines regulatory processes, they can determine their overall requirements for risk assessment and risk management (RA/RM) by considering and listing down a number of “use cases” and then determining the RA/RM requirements based on that. The organization then assign scores to their processes based on the benchmarks which results in an alignment profile created using a radar chart. It is recommended that individual organizations produce their own ideal alignment profile on which they may compare the score of their profile against.

All the recommendations and methodology are on a document that can be downloaded from ENISA’s website: http://www.enisa.europa.eu.

Conclusion

The importance of assessing and managing the risks that comes with cloud computing is very important so that an organization’s cloud computing foray may return positive rewards. If this was neglected and the organization jumps in blindly, they may not achieve the full potential of cloud computing and may not be able to cope with the risks involved.

By Abdul Salam

Sorry, comments are closed for this post.

The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…

Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in mind when implementing an ERP system. But do you know if cloud-based or on-premise ERP deployment is better for your company or industry? While cloud computing is becoming more and more popular, it is worth…

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Three Reasons Cloud Adoption Can Close The Federal Government’s Tech Gap

Federal Government Cloud Adoption No one has ever accused the U.S. government of being technologically savvy. Aging software, systems and processes, internal politics, restricted budgets and a cultural resistance to change have set the federal sector years behind its private sector counterparts. Data and information security concerns have also been a major contributing factor inhibiting the…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

Beacons Flopped, But They’re About to Flourish in the Future

Beacons Flopped, But They’re About to Flourish in the Future

Cloud Beacons Flying High When Apple debuted cloud beacons in 2013, analysts predicted 250 million devices capable of serving as iBeacons would be found in the wild within weeks. A few months later, estimates put the figure at just 64,000, with 15 percent confined to Apple stores. Beacons didn’t proliferate as expected, but a few…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…