Preview

Assessing the Security Risks of Cloud Computing

Powerful Essays
Open Document
Open Document
2907 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Assessing the Security Risks of Cloud Computing
Research
Publication Date: 3 June 2008 ID Number: G00157782

Assessing the Security Risks of Cloud Computing
Jay Heiser, Mark Nicolett

Organizations considering cloud-based services must understand the associated risks, defining acceptable use cases and necessary compensating controls before allowing them to be used for regulated or sensitive information. Cloud-computing environments have IT risks in common with any externally provided service. There are also some unique attributes that require risk assessment in areas such as data integrity, recovery and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance and auditing. Key Findings
• • The most practical way to evaluate the risks associated with using a service in the cloud is to get a third party to do it. Cloud-computing IT risks in areas such as data segregation, data privacy, privileged user access, service provider viability, availability and recovery should be assessed like any other externally provided service. Location independence and the possibility of service provider "subcontracting" result in IT risks, legal issues and compliance issues that are unique to cloud computing. If your business managers are making unauthorized use of external computing services, then they are circumventing corporate security policies and creating unrecognized and unmanaged information-related risks.

• •

Recommendations
• • • • Organizations that have IT risk assessment capabilities and controls for externally sourced services should apply them to the appropriate aspects of cloud computing. Legal, regulatory and audit issues associated with location independence and service subcontracting should be assessed before cloud-based services are used. Demand transparency. Don 't contract for IT services with a vendor that refuses to provide detailed information on its security and continuity management programs. Develop a strategy for the controlled and secure use of
Continue Reading
View Writing Issues

You May Also Find These Documents Helpful

  • Better Essays

    Cmgt 441 - Week 2 Individual
    • 1626 Words
    • 7 Pages

    Cmgt 441 - Week 2 Individual

    Cloud computing is a fast growing information technology trend that many companies including Google, Microsoft, and IBM are currently looking to get a stake in as demand for the service grows. Cloud computing is the concept of allowing both individuals and businesses to store data and applications on remote servers (owned and operated by a third party company), rather than on their own hard drives and data centers. The service boasts the ability to securely access data and applications from just about any device with an internet connection, allowing for such services as streaming music from a personal collection from multiple devices, and even to business development and storage of applications on remote servers. For the past few years, cloud computing has quickly grown in popularity, and as such, has come with its own set of risks and security concerns. As use of this service grows by both consumers and businesses, it will no doubt continue to attract the attention of hackers and cyber criminals, as it offers a central repository of data that can contain everything from financial statements, to company intellectual property. On 7/11/2011, eweek.com posted an article called “Cloud Computing Security: 10 Ways to Enforce It”, which attempts to give several suggestions on the best way to ensure that cloud computing is as safe as it is convenient.…

    • 1626 Words
    • 7 Pages
    Better Essays
    Read More
  • Better Essays

    Cmgt 442 Week 4 Individual Assignment Outsourcing Risks
    • 1256 Words
    • 6 Pages

    Cmgt 442 Week 4 Individual Assignment Outsourcing Risks

    Outsourcing has become an integral part of many organizations today. Outsourcing has its advantages and disadvantages that organizations will have to weigh to decide whether or not outsourcing is the best possible solution to their current problems and business operations. Outsourcing refers to the process of hiring external provider to operate on a business or organization function (Venture Outsource, 2012). In this case, two organizations or businesses enter a contract where there will be an exchange of services and payments. This paper will discuss the possible risks an organization may encounter in outsourcing in relation to the use of an external service provider for data storage, use of an enterprise service provider for processing information systems applications such as a payroll, human resources, or sales order taking, use of a vendor to support desktop computers, and use of a vendor to provide network support. This document will also discuss the risk mitigation strategies for each individual situation.…

    • 1256 Words
    • 6 Pages
    Better Essays
    Read More
  • Satisfactory Essays

    Sci/412 7980 Case Study 1
    • 622 Words
    • 3 Pages

    Sci/412 7980 Case Study 1

    The following is a case study of the benefits of utilizing cloud computing in the public sector. "Cloud computing has the potential to greatly reduce waste, increase data center efficiency and utilization rates, and lower operating costs."(Kundra, 2010) Using the CIO Council 's 2010 document titled State of Public Sector Cloud Computing, this case study will match 10 of its case study examples with the nine benefits from the Federal Cloud Computing Strategy (Cloud First Policy). In further detail the case study of the Social Security Administration - Online Answers Knowledgebase and its benefits will be discussed.…

    • 622 Words
    • 3 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    CIS-500 Week 1 Case Study 2: Cloud Computing
    • 1351 Words
    • 6 Pages

    CIS-500 Week 1 Case Study 2: Cloud Computing

    Trust is not easily defined, but most people agree that when it comes to cloud computing, transparency is essential to creating trust. Businesses must be able to see cloud service providers are complying with agreed data security standards and practices. These must include controls around who has access to data, staff security vetting practices, and the technologies and processes to segregate, backup and delete data. Suppliers of cloud technologies and services are quick to claim that cloud computing is well equipped to provide the necessary controls. Virtualization, they argue, underlies cloud computing, and therein lies the potential to achieve hitherto impossible levels of security. While virtualization is viewed with suspicion and fear by many IT directors, suppliers like RSA, IBM and other say that the technology enables organizations to build security into the infrastructure and automate security processes, to surpass traditional data protection…

    • 1351 Words
    • 6 Pages
    Better Essays
    Read More
  • Better Essays

    Cis 500- Cloud Computing
    • 1078 Words
    • 5 Pages

    Cis 500- Cloud Computing

    Technology has taken great leaps of advancement. Some of the new technology that companies and consumers are taking advantage of to store and process data is cloud computing. Cloud computing was derived from virtualization. Virtualization allows companies to separate business applications from hardware. Doing this gives the company the capability of assigning applications as needed. The option to manage applications is a great benefit to companies. Resulting from the virtualization error, cloud computing has emerged to provide flexible IT infrastructures. This has not only enhanced the options companies now have, but it is also proven to be more cost efficient. This has increasingly become a preferred method of companies and consumers alike. (Turban, & Volonino, 2011, p.47)…

    • 1078 Words
    • 5 Pages
    Better Essays
    Read More
  • Good Essays

    Arnie Case: Recoupabyte Confidential Inc.
    • 2396 Words
    • 10 Pages

    Arnie Case: Recoupabyte Confidential Inc.

    Large enterprises have been reluctant to move certain files or apps to the cloud network. The market size for cloud is far behind what it was expected to be, and for good reason. Consumers have concerns with cloud computing security, especially when it involves data security and confidentiality issues. This article shows the legitimacy of concerns people are have when dealing with…

    • 2396 Words
    • 10 Pages
    Good Essays
    Read More
  • Powerful Essays

    Cloud Security Report
    • 9993 Words
    • 40 Pages

    Cloud Security Report

    Cloud Computing is the result of a rapid evolution of computing technologies and a response to the new world business requirements. The adoption of the technology is widely accepted and its future is promising. However the cloud computing phenomena does not come without a risk. There are many issues of concerns that might slow the adoption of the cloud computing; most notably are the security concerns which come as a result of the complexity of cloud technologies and the wide parties involved with them. Issues such as cloud computing compliance and governance, cloud computing deployment and architectural models, virtualization, cloud computing applications, cloud operations, standards, guidelines, frameworks and contracting for cloud service provisioning are all necessary for any business to understand before adopting the technology. This report will explain the top security risks of using cloud service providers for essential business applications and how they can be identified using the cloud risk assessment process. It will also explore various topics related to cloud computing, including concepts and terminologies of cloud security, risk assessment, frameworks and standards. It will conclude with a scenario of a case study to explain the process of analyzing a cloud service provider services security; and to show some of the most common cloud computing risks that exist in the world.…

    • 9993 Words
    • 40 Pages
    Powerful Essays
    Read More
  • Good Essays

    Hrm 531 Risk Management Plan
    • 1171 Words
    • 5 Pages

    Hrm 531 Risk Management Plan

    The use of this tool will help provide an assessment for the stakeholders on the effectiveness of the internal security and controls related to the cloud computing environment. Deficiencies within the internal controls can be identified. An assessment can be prepared for the stakeholders that will help them determine if the quality and reliability of the service they are being provided is compliant with the results of the internals control audits.…

    • 1171 Words
    • 5 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    Example Of Annotated Bibliography Essay
    • 659 Words
    • 3 Pages

    Example Of Annotated Bibliography Essay

    In this article, Patrick Thibodeau comments on Federal CIO Vivek Kundra’s claim that cloud computing concerns are exaggerated. Thibodeau explains clearly the claims made by Kundra about the overall security with cloud computing. Thibodeau blames the scare of cloud computing to IT developers belief of a status quo. Thibodeau concludes the article with a few success stories of basic cloud computing services working in the U.S. Government.…

    • 659 Words
    • 3 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    Business Value of Cloud Computing
    • 1023 Words
    • 5 Pages

    Business Value of Cloud Computing

    Cloud computing offers software and hardware resources and in some cases human services over a distributed environment that can be shared and utilized on demand through internet. Business owners can use these resources as per their requirement even if that is for few hours a day or few days a month and have to pay only for that actual use. Thus this relatively new concept is becoming highly popular among IT organizations because of its flexibility and cost effectiveness. It is highly scalable and also can span quickly according to the requirements of individual organization yet still sharing the same resources.…

    • 1023 Words
    • 5 Pages
    Better Essays
    Read More
  • Satisfactory Essays

    Excellent Science in the Digital Age
    • 267 Words
    • 2 Pages

    Excellent Science in the Digital Age

    If you were advising a company trying to make a decision about cloud computing for key business applications, what would you advise and why?…

    • 267 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Powerful Essays

    Overview and Issues for Implementation of the Federal Cloud Computing
    • 13907 Words
    • 56 Pages

    Overview and Issues for Implementation of the Federal Cloud Computing

    Cloud computing is a new name for an old concept: the delivery of computing services from a remote location, analogous to the way electricity, water, and other utilities are provided to most customers. Cloud computing services are delivered through a network, usually the Internet. Some cloud services are adaptations of familiar applications, such as e-mail and word processing. Others are new applications that never existed as a local application, such as online maps and social networks. Since 2009, the federal government has been shifting its data storage needs to cloud-based services and away from agency-owned data centers. This shift is intended to reduce the total investment by the federal government in information technology (IT) (data centers), as well as realize other stated advantages of cloud adoption: efficiency, accessibility, collaboration, rapidity of innovation, reliability, and security. In December 2010, the U.S. Chief Information Officer (CIO) released “A 25-Point Implementation Plan to Reform Federal IT Management” as part of a comprehensive effort to increase the operational efficiency of federal technology assets. One element of the 25-Point Plan is for agencies to shift to a “Cloud First” policy, which is being implemented through the Federal Cloud Computing Strategy. The Cloud First policy means that federal agencies must (1) implement cloud-based solutions whenever a secure, reliable, and cost-effective cloud option…

    • 13907 Words
    • 56 Pages
    Powerful Essays
    Read More
  • Good Essays

    assignment IST309
    • 1030 Words
    • 3 Pages

    assignment IST309

    The first article is “Cyber Security Considerations When Moving to Public Cloud Computing” by Muhammed A. Badamas, which mainly examines the potential and possibility of data security concerns to derail the future of public cloud computing. I am so interested in the Cloud computing since The reason why I chose this article is because that the author interviewed four real-life companies which represented different level of profitability and scale of operation.…

    • 1030 Words
    • 3 Pages
    Good Essays
    Read More
  • Best Essays

    The Pros and Cons of Cloud Computing
    • 3770 Words
    • 16 Pages

    The Pros and Cons of Cloud Computing

    But would business also use cloud services? If we take Dropbox as an example, would a firm use a similar service and upload files on a foreign server, hence give away files to a different company? Even when functionality is easy, what about legal or safety concerns? The question here is a different one than for private usage. In this essay we will examine the pros and cons of the functionality of cloud computing (CC) possibilities in regards of the delivery of information system (IS) to the client by slipping into the role of a CIO on the receiving side and a sales person on the giving side respectively.…

    • 3770 Words
    • 16 Pages
    Best Essays
    Read More
  • Good Essays

    Cloud Computing Research
    • 715 Words
    • 3 Pages

    Cloud Computing Research

    The world revolves around money. Why pay more for less or why would you pay for something that you don’t need. In this research essay I will explore the Cloud Services community. I will explain what important services to have are and which type of cloud services you should have for the size of the company you are running or plan to run.…

    • 715 Words
    • 3 Pages
    Good Essays
    Read More

Related Topics