Cloud Computing Risks vs Benefits
On the average, over the last decade more than 40,000 people have been killed annually in automobile accidents in the United States. Now, this may give the impression that road travel is dangerous, and, if compared walking, it is. However, when comparing cloud computing risks vs benefits, one should consider both the risks and benefits. Ever tried walking the ten miles to your office you commute in your car? The obvious case of benefits of automobiles outweighing the risks becomes clearly evident.
The same is true for airplane travel. Accidents do occur; however, compare to the thousands of flights taking off and landing daily, these accidents are in a minority, and a very miniscule minority at that. Cloud computing is just like that – enormous advantages accompanied by some risks. If this analogy brings a sense of déjà vu to our readers, it’s not without reason; this topic had been explored in an earlier article four months ago. And the similarities don’t end there.
When air travel started, it was obviously a dangerous way to travel. However, over the years, as technologies advanced and knowledge was gained, air travel became progressively safer to emerge as the most popular way to travel. The reasons are obvious – maximum distance covered in minimum time. The enormous savings in time, coupled with the comfort, has prompted many to pay a premium over travel by car or train. Even the safety concerns have been addressed – statistically (for those who have an affinity for these things), air travel is the safest mode of travel. In fact, researchers believe, Al Qaeda may have contributed to more American deaths by discouraging air travel post-911 than they inflicted in the Twin Towers attack.
Cloud computing stands where the airplane stood several decades ago – a technology with infinite potential but some obvious drawbacks. Cloud computing, in spite of the buzz around it, is relatively young and obviously, prone to teething problems. There’s no denying problems exist, especially on the issue of security; the vagueness of cloud computing contracts and lack of standards do not help, neither do actions of some Service Providers.
However, when compared to the immense potential of the technology in terms of benefits, these problems seem minor. Especially, since as time progresses, the benefits are expected to grow and the problems, reduce. Just to put it in perspective: if you found a stock that had a 90% probability of 50% returns annually and only a 5% probability of losing its value, wouldn’t you buy it? Ok, now suppose that for every year you hold the stock, the probabilities of success and failure increase and decrease by a percentage respectively, what will be your answer then?
I would like to introduce the concept of BATNA at this point. BATNA, or the best alternative to a negotiated agreement, is a concept in negotiation theory that defines the course of action that will be taken by a party if the current negotiations fail and an agreement cannot be reached. According to this theory, an agreement makes sense as long as it’s better than the next-best alternative. Extending this to the field of computing, going on the cloud makes sense as long as it’s better than the next-best alternative of sticking with traditional IT infrastructure.
Now, in order for a proper assessment, it is necessary to determine what the next-best alternative offers. Other than the obvious advantage of a mature technology that people understand, cloud computing is better on the parameters of costs, scalability and disaster recovery. Even on the issue of security on which cloud computing is pilloried, it can offer distinct advantages that a CD of confidential information that can be misplaced (and has been) cannot.
On that note, here’s what MacDonnell Ulsch, CEO and Chief Risk Analyst of the Boston, MA-based ZeroPoint Risk Research, LLC, and keynote speaker the recent Federal Financial Institutions Examination Council (FFIEC) Information Technology Conference held in Washington, DC, had to say about the possible pitfalls of going on to the cloud: “Technology innovation is in part what makes America great, and it is a clear demonstration that the U.S. is a technology leader. But we often fail to reasonably assess the regulatory and other risks associated with new technologies and applications. Failing to meet the mandatory minimum requirements associated with data security and privacy regulations could lay a foundation for other highly impactful risk.”
While some impressive figures of half a billion electronic records in the United States having been compromised over the last six years were mentioned, not all were on the cloud; even if a large part were, it has to be weighed against the billions of dollars businesses are saving and will continue to save due to cloud computing. That is why not only businesses, but traditionally security-paranoid institutions like financial institutions and the US military have started to embrace the technology.
That is why former federal Chief Information Officer Vivek Kundra, who recently left office, has termed security and privacy concerns as “unfounded and ridiculous” excuses used by federal agencies to avoid adopting cloud computing. In his opinion, the BATNA of “IT cartels” that would “bid for Government contracts and their expertise wasn’t superior technology or innovation” but “a PhD in understanding how to navigate the complicated procurement process” was not feasible.
“We cannot continue on that path in this tough fiscal environment that we’re in. That is why as part of the administration we instituted a ‘cloud first’ policy, recognizing that some of the most major innovation is not happening within the old model of what I call the ‘IT cartel’ where people continue to win this contract and their objective is essentially to put in as many people as possible and bill at exorbitant rates.” He said.
In conclusion, yes, problems exist, and perhaps, will continue to exist for some more years; but, cloud computing is the future, and the earlier businesses understand that, the more they will benefit.
By Sourya Biswas
Principal Security Consultant at NCC Group
13+ years of experience in Client Engagement, Business Development, Project Management and Management Consulting in the Information Security & Risk Management and IT Strategy domains.
250+ articles on Cloud Computing, technical editor of a reputed textbook.
MBA (double major in Consulting & Business Leadership) on full scholarship from Notre Dame, Bachelor’s engineering degree in Information Technology from a top 10 engineering institute in India.
Professional certifications include the CISSP, CISM, PMP, PSM and several ITIL Intermediates.