
Is the state of cloud computing today closer to the promise of liberation, or are we experiencing less and less control and freedom as our business model comes to resemble the life of a shark: swim or die?

BENEFITS IN CLOUD COMPUTING ARE DIRECTLY ASSOCIATED WITH THE TYPE OF CLOUD SERVICE, OR VIRTUAL SERVICE, AND WITH THESE OPPORTUNITIES COME NEW FACTORS TO BE ADDED TO A COMPANY'S RISK.

The Center for Internet Security states that up to 80% of cyber attacks could be prevented by five simple actions:

  1. Maintaining an inventory of authorized and unauthorized devices

  2. Maintaining an inventory of authorized and unauthorized software

  3. Developing and managing secure configurations for all devices

  4. Conducting continuous (automated) vulnerability assessment and remediation

  5. Actively managing and controlling the use of administrative privileges

As identified by ISACA (Information Systems Audit and Control Association), the following attributes of cloud computing should be categorized under Business Impact and Risk:

Applications processed in the cloud have similar implications for the business as traditional outsourcing. These include:

  • Loss of business focus
  • Solution failing to meet business and/or user requirements; not performing as expected; or not integrating with strategic IT plan, information architecture, and technology direction
  • Incorrect solution selected or significant missing requirements
  • Contractual discrepancies and gaps between business expectations and service provider capabilities
  • Control gaps between processes performed by the service provider and the organization
  • Compromised system security and confidentiality
  • Invalid transactions or transactions processed incorrectly
  • Costly compensating controls
  • Reduced system availability and questionable integrity of information
  • Poor software quality, inadequate testing and high number of failures
  • Failure to respond to relationship issues with optimal and approved decisions
  • Insufficient allocation of resources
  • Unclear responsibilities and accountabilities
  • Inaccurate billings
  • Litigation, mediation or termination of the agreement, resulting in added costs and/or business disruption and/or total loss of the organization
  • Inability to satisfy audit/assurance charter and requirements of regulators or external auditors
  • Reputation
  • Fraud

Common infrastructure benefits focus on availability, efficiency, and recovery. Still, alongside the benefits and opportunities, there will also be Technology, Compliance, Licensing and Security Risks.

The introduction of virtualization brings many changes that need to be reflected in the tools that administrators use to manage systems. Some examples of the types of changes that need to be addressed include:

  • Servers and workstations are no longer tied to a particular, known location.
  • Releasing software patches is different in a virtual environment.
  • Backup and restore are run from a central location as opposed to being executed on the machine.
  • Monitoring tools that are used to correlate hardware and software events may no longer understand where dependencies lie.

In addition, each virtual platform has its own management tools, which need to be integrated into operations.