Cloudtweaks Logo
Risk Manegement
July 24, 2012

Methodology Of Cloud Risk Assessment Tips

By Abdul Salam

Cloud Risk Assessment Tips

A Break in the Cloud’s Silver Lining

Though cloud computing is considered as the new paradigm of computing, it should not be considered as a new technology but merely a new implementation or application of existing technology, specifically networking and telecommunications technology. So this brings with it some inherent security risks, with some security experts stating that “the economies of scale and flexibility (that cloud computing brings) are both a friend and a foe from a security point of view.”

When your application and data is streamed half way around the world from your geographical location, there is a risk that whatever data is traveling may be intercepted by a third party with malicious intent. And as data and resources are massively concentrated virtually or literally, this creates a very attractive target for attackers. But cloud-based defenses can also be made to be robust, scalable and cost-effective. That is the goal that the ENISA working group had in mind when they drafted the Methodologies for Cloud Computing Risk Assessment.

Methodology for Cloud Risk Assessment

Because of the inherent risks associated with cloud computing, an ad-hoc working group within the European Network and Information Security Agency (ENISA), the European Union’s center for excellence in network and information security, made an assessment of the benefits and security risks that are present in cloud computing. Then the group gave recommendations on how to mitigate these risks and enhance the benefits of cloud computing.

The working group responsible for the risk assessment also determined a methodology which allows direct comparison between items that enable organizations to perform their own risk assessment and risk management of cloud services and infrastructure. The purpose of which is:

  • To be able to determine the most appropriate risk assessment and management items that an organization may use depending on their situation like which business sector they belong to, the size of the organization, culture, regulation requirements, the sophistication of their risk approach, and their available resources.
  •  To enable a direct comparison between risk assessment and management items in order to achieve a better understanding and permit expert advice on their suitability for use in the given situation of the organization.

The methodology considers the process of risk assessment and management items and together with their inputs and outputs, scores them against set benchmarks that were determined by the group. Depending on the nature of the organization, their business, and their geographical location which determines regulatory processes, they can determine their overall requirements for risk assessment and risk management (RA/RM) by considering and listing down a number of “use cases” and then determining the RA/RM requirements based on that. The organization then assign scores to their processes based on the benchmarks which results in an alignment profile created using a radar chart. It is recommended that individual organizations produce their own ideal alignment profile on which they may compare the score of their profile against.

All the recommendations and methodology are on a document that can be downloaded from ENISA’s website: http://www.enisa.europa.eu.

Conclusion

The importance of assessing and managing the risks that comes with cloud computing is very important so that an organization’s cloud computing foray may return positive rewards. If this was neglected and the organization jumps in blindly, they may not achieve the full potential of cloud computing and may not be able to cope with the risks involved.

By Abdul Salam

Abdul Salam
Abdul Salam is Projects Lead, Cloud ERP Applications with the University of Sharjah

He has 13+ year of work experience with Oracle implementation and knowledge to Oracle and partners project methodologies. He is working as HRMS Consultant - Oracle Apps with Arowana Consulting, Dubai for more than two years and has principal expertise in some business process and modules as Oracle Core HR / Oracle Payroll, Oracle Performance Management, Oracle SSHR, Oracle Time and Labour and others.
Steve Prentice

Episode 20: Why inbound telephone calls are still vital to your business

A conversation with David Anandraj, manager of Product Management for the ecommerce segment of BCM [...]
Read more
Premkumar Balasubramanian

It Can Be The Year of Right Clouding – But Avoid Potential Pitfalls

Some people are calling 2023 The Year of Cloud Repatriation. I think this is a bit inflammatory. [...]
Read more
Derek Pilling

Is My Data Architecture Multi-Cloud or Multiple Cloud?

Multi-Cloud or Multiple Cloud? In the post, What is Multi-Cloud?, we defined multi-cloud in the [...]
Read more
Derek Pilling

Episode 22: Reframing Cloud as an Insight Factory

While organizations remain focused on trying to extract more insight and value out from their [...]
Read more
Gary Bernstein

The AI Vanguard: MixMode’s 2024 Insight into Cybersecurity’s New Era

Insight into Cybersecurity’s New Era As we enter into 2024, the adoption of AI in [...]
Read more
Gary Bernstein

Unleash the Power of Your Website with These 25 VPS Providers

Simplify Your Website Management with VPS Hosting Updated 10.17.2023 VPS stands for Virtual Private Server, [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
TOPICS
AI BIG DATA CLOUD DEVOPS INFOSEC
SERVICES
SPONSORED POSTS BRANDED COMICS THOUGHT LEADERSHIP WEBINARS
Company
ABOUT BLOG MEDIA KIT CONTACT
© 2024 CloudTweaks. All rights reserved.