Risks of Cloud Computing

Introduction to Risk of Cloud Computing

Being an on-demand availability of system resources, like computing power and data storage, cloud computing involves various types of risks that are grouped in different categories like privacy (involves risk like controlled Access, Segmentation, Risk with Sub letting services and ownership claim), availability (involves risk like service disruption), changes (involves risk like Changes in service and return of investment) and compliance( involves risk like Audit, storage location, and notification).

What is Cloud Computing?

Now to understand more about the risks, let us know more about the city of Gotham. The city is an environment where people share services. These services can be infrastructure, platform, software, data, APIs, and anything one can think of sharing in public/private. This cloud computing concept makes it super easy for people who plan to build their infrastructure in the city. With this idea, the cost-benefit, first-time investment and maintenance, along with computation capability, storage capability (hardware), is tangible. Description. Forrester, the research company, quotes cloud computing as:

 “A standardized IT capability (services, software, or infrastructure) delivered in a pay-per-use, self-service way. Research coverage includes cloud security.”

Types of Risks of Cloud Computing

The invaders of Gotham city can be anyone with any motive behind it. Let us look at what the different types of risks prevail over Cloud computing and what are the different buckets we can categorize them into.

1. Privacy

All of the below risks may result from malicious activities intended for attacking private data.

• Controlled Access: If the people/organization tries to store confidential data onto the cloud, the cloud’s true nature provides access to the service provider organization.

Analogous Situation: The government of Gotham city has all data as well as access.

• Segmentation: By the true nature of the subscription policy of cloud computing, there would be many subscribers, thus making the data of one organization prone to another organization.

Analogous Situation: The Gotham government’s data is not properly secured, which can lead to a situation where people can know about someone else’s health issues (not good to be displayed in public).

• Risks with Sub-letting Services: With the growing popularity of service providing cloud computing genre, the organization’s cloud services’ layers are built from other service provider organizations. Thus, the contractual agreement may not be fully transparent to end customers, leaving them in blind spots.

Analogous Situation: The government of Gotham has an MoU (Memorandum of Understanding) with some other governing body, which the citizens are not aware of, thus turning a blind eye to their data usage.

• Ownership Claim: If the agreement is not well-read, the data’s ownership can be unknowingly transferred to the service providing organization.

Analogous Situation: If citizens don’t give a careful read to the agreement, someone can have access to personal data, and there are chances that this data can be used for unlawful activities.

2. Availability

• Service Disruption: This can be attributed to any fault in the internet connection as all cloud computing transactions are done over the internet. This can be either service quality degraded or outage as a whole.

Analogous Situation: The citizens depend on electricity for all their regular needs. And if there is no electricity in Gotham, the whole idea of growing the city is foiled.

3. Changes

• Change in Service: Due to the volatile market, there may be acquisition or closure of a service provider, thus leading to unavailability of the service within short notice.

Analogous Situation: The government may come and go, and when they go, the data might not be available temporarily or permanently depending on the next government’s plan.

• Return on investment: The whole intuition behind cloud computing is to be cost-effective. But due to unforeseen circumstances, the cost of the subscription is high; it might jeopardize the whole purpose of cloud computing.

Analogous Situation: The cost of subscribing to the service is so high that the budget allocated by each citizen for these services is ending up be non-cost effective.

4. Compliance

• Audit: The service provider organization might not follow the external audit process, thus leading to a vulnerable position for the end customers.
• Storage Location: Since the data for the services resides in hardware, and the location of that storage device is unknown, it might risk the country’s sensitive data getting leaked by rival countries.
• Notification: Proper and transparent communication regarding lack of breach to the end customer puts them at risk as they might not be aware of the havoc caused due to the same.

Advantages of Cloud Computing

In addition to the above risks involved in cloud computing, we might be thinking about whether cloud computing is worth the hype. Let us see the advantages of cloud computing and finally get an argument on its viability.

• Reduced Costs
• Scalability
• Keep up-to-date with the technology.
• Storage space optimization
• Flexibility of work
• Quick up time from disruption

It depends on the organization to go for a trade-off between the advantages versus the risks posed by them. There are different channels for risk mitigation to truly value cloud computing effectiveness, which can be dealt with as a new topic altogether. But, just to add a flavour of mitigation is to determine appropriate controls to the service provider in terms of the contractual agreement and follow up from time to time on the service provider’s practices.

Mind Map of Cloud Computing

Conclusion

Thus, having a proper mitigation channel will enhance cloud computing usage with proper security and privacy and match the intention of why cloud computing was created. It might be possible that few data, e.g. Health/Finance data, need to be handled with care in the cloud. The organization planning for moving to the cloud needs to have a full comparative report before the advancement.