Cloud Computing Risks
“Fear of failure must never be a reason not to try something.”
– Frederick Smith, founder, chairman, president, and CEO of FedEx.
There is absolutely no doubt that cloud computing is beneficial to companies looking to revolutionize their IT infrastructures. However, there is no denying that certain concerns do remain. While we do advocate what Mr. Smith says in the quote above, of not refusing to embrace new technology for fear of setbacks, it’s always better to recognize beforehand some risks with cloud computing and how to deal with them.
Here, we list some of the issues that, if unattended, have the potential to deteriorate into risks. Often, the solution involves clarifying issues when selecting the cloud computing Service Providers. However, we must stress that most providers do address these issues, thereby making cloud computing relatively safe.
However, like all emerging technologies, there is always scope for improvement.
- Security – This is “the” major bugbear, the main reason holding back universal adoption of cloud computing. Being based on the Internet does make cloud computing susceptible to cyber attacks. But then again, all modern IT systems are connected, one way or the other, to the Internet. By that logic, all systems are vulnerable. In fact, the distributed nature of cloud computing makes it easier to recover from attacks, both of the cyber and the physical kind. At the same time, a thorough examination of the service provider’s security policies is necessary before deciding to sign on the dotted line. We have earlier addressed this issue in “Is Cloud Computing Secure?”.
- Compatibility – The fact that cloud computing networks may not be compatible with existing IT infrastructures is a fear that gives Chief Information Officers (CIOs) across the globe sleepless nights, tying their hands from embracing the new technology in spite of its multiple advantages on the cost and efficiency fronts. Moreover, the very presence of existing systems and the feeling that they may have to be replaced if cloud computing is adopted also holds them back. With hybrid clouds, some of these concerns may be addressed”
- Availability – When a company has its data in the cloud, it is not in its proximity. Consequently, its availability at critical junctures is potentially a matter of concern. Hence, before signing a contract with a service provider, it is important to clarify how the provider can guarantee data and service availability during bandwidth interruptions and DDOS (Distributed Denial Of Service) attacks.
- Compliance – Cloud computing may be based off the “cloud” of the Internet, but the actual data resides on multiple servers in multiple locations, often in multiple countries. While this has a distinct advantage as regards availability when any particular center is rendered inaccessible, there may be some issues regarding the legality of certain data being stored outside national borders.
- Monitoring – Since data is in the hands of the provider, monitoring may be a problem unless the proper processes are put in place. However, end-to-end monitoring over clouds is certainly possible.
- Lock in – This is another reason cited by CIOs on their reluctance to embrace cloud computing. The company signing up for such services must examine whether the provider uses standardized technology. If dissatisfied with the service, the client can easily shift to another provider without having to incur initial setup costs once again.
- Standardization – Now, this is something individual companies have little control over. With the absence of codified standards, it is very difficult to judge whether the service provided is good or bad. Also, the problem of locking in with a provider who uses uncommon technology is a distinct possibility. For more on this, have a look at “Cloud Computing Standards”
In conclusion, we can say that cloud computing is not risk-free, but perhaps, that is the truth of almost every technology out there. Almost all the risks can be managed with minimal effort, and balanced against all the benefits it provides, there’s no doubt which side of the argument as to whether or not to adopt cloud computing, wins.
By Sourya Biswas
Principal Security Consultant at NCC Group
13+ years of experience in Client Engagement, Business Development, Project Management and Management Consulting in the Information Security & Risk Management and IT Strategy domains.
250+ articles on Cloud Computing, technical editor of a reputed textbook.
MBA (double major in Consulting & Business Leadership) on full scholarship from Notre Dame, Bachelor’s engineering degree in Information Technology from a top 10 engineering institute in India.
Professional certifications include the CISSP, CISM, PMP, PSM and several ITIL Intermediates.