Introduction to Risk of Cloud Computing
Being an on-demand availability of system resources, like computing power and data storage cloud computing involves various types of risks that are grouped in different categories like privacy (involves risk like controlled Access, Segmentation, Risk with Sub letting services and ownership claim), availability (involves risk like service disruption), changes (involves risk like Changes in service and return of investment) and compliance( involves risk like Audit, storage location, and notification).
What is Cloud Computing?
Now to understand more about the risks, let us know more about the city Gotham. The city is an environment where people share services. These services can be infrastructure, platform, software, data, APIs, and anything one can think of sharing in public/private. This concept of cloud computing makes it super easy for the people, who plan to build their infrastructure in the city. With this idea, the cost-benefit, first-time investment and maintenance, along with computation capability, storage capability (hardware) is tangible. Description. Forrester, the research company quotes cloud computing as:
“A standardized IT capability (services, software, or infrastructure) delivered in a pay-per-use, self-service way. Research coverage includes cloud security.”
Types of Risks of Cloud Computing
The invaders of Gotham city can be anyone with any motive behind. Let us look at what the different types of risks prevail over Cloud computing and what are the different buckets we can categorize them into.
All of the below risks may result from malicious activities intended for attacking private data.
- Controlled Access: If the people/organization tries to store confidential data onto the cloud, by true nature of the cloud provides access to the service provider organization.
Analogous Situation: The government of Gotham city has all data as well as access.
- Segmentation: By the true nature of the subscription policy of cloud computing, there would be a lot of subscribers, thus making the data of one organization prone to another organization.
Analogous Situation: The data with the Gotham government is not properly secured, can lead to a situation where people can know about someone else’s health issues (not good to be displayed in public).
- Risks with Sub-letting Services: With the growing popularity of service providing genre in cloud computing, the organization cloud services’ layers are themselves built from other service provider organizations. Thus, the contractual agreement may not be fully transparent to end customers, leaving them at the blind spots.
Analogous Situation: The government of Gotham has MoU (Memorandum of Understanding) with some other governing body, which the citizens are not aware of, thus turning a blind eye to the usage of their data.
- Ownership Claim: If the agreement is not well-read, the ownership of the data can be unknowingly transferred to the service providing organization.
Analogous Situation: If citizens don’t give careful read to the agreement, someone can have access to the personal data and there are chances that this data can be used for unlawful activities.
- Service Disruption: This can be attributed to any fault in the internet connection as all transactions in cloud computing are done over the internet. This can be either service quality degraded or outage as a whole.
Analogous Situation: The citizens depend on electricity for all its regular needs. And if there is no electricity in Gotham, the whole idea of growing the city is foiled.
- Change in Service: Due to the volatile market, there may be acquisition or closure of a service provider, thus leading to unavailability to the service within short notice.
Analogous Situation: The government may come and go, and when they go the data might not be available temporarily or permanently depending on the next government’s plan.
- Return on investment: The whole intuition behind cloud computing is to be cost-effective. But due to unforeseen circumstances, the cost of the subscription is high, it might jeopardize the whole purpose of cloud computing.
Analogous Situation: The cost of subscribing for the service is so high that the budget allocated by each citizen for these services is ending up be non-cost effective.
- Audit: The service provider organization might not be following the external audit process, thus leading to a vulnerable position for the end customers.
- Storage Location: Since the data for the services resides in hardware, and the location of that storage device is not known, it might put up the risk of the country’s sensitive data getting leaked by rival countries.
- Notification: Proper and transparent communication regarding lack of breach to the end customer puts them at risk as they might not be aware of the havoc caused due to the same.
Advantages of Cloud Computing
In addition to the above risks involved in cloud computing, we might be thinking about whether cloud computing is worth the hype. Let us see the advantages of cloud computing and finally get an argument on its viability.
- Reduced Costs
- Keep up-to-date with the technology.
- Storage space optimization
- Flexibility of work
- Quick up time from disruption
Now it depends on the organization to go for a trade-off between the advantages versus the risks posed by them. There are different channels for risk mitigation to truly value the effectiveness of cloud computing which can be dealt with as a new topic altogether. But, just to add a flavor of mitigation is to determine appropriate controls to the service provider in terms of the contractual agreement and following up time to time on the practices by the service provider.
Mind Map of Cloud Computing
Thus, having a proper mitigation channel will enhance the usage of cloud computing with proper security and privacy and match the intention of why cloud computing was created. It might be possible that few data, for eg. Health/Finance data need to be handled with care in the cloud. The organization planning for moving to the cloud needs to have a full comparative report before the advancement.