Below, I have Performed a short qualitative risk assessment of cloud computing that may be used as guidance for any company thinking of moving to the cloud. Showing some of the strengths, weaknesses and benefits?
|Lock-in||Difficult to migrate from one service provide to the next.||High||Medium||Company Rep., Data, Service|
|Loss of Governance||Loss of some control to CP and unknown roles||Very High||Very High||Company rep, data, customers trust, service|
|Compliance Challenged||Compliance with regulations and certifications||Very High||High||Certifications, fines|
|Business Rep Loss||Poor Service harms business during transition.||Low||High||Company rep, service, data|
|Cloud service Terminated||Poor provider, lack of understandable terms||N/A||Very High||Rep, trust, emp loyaty, service|
|Provider Acquisition||Mergers and buy-outs of CP||N/A||Medium||Rep, customer trust, emp exp, intellectual property, data, service|
|Supply chain Failure||Lack of supplier redundancy||Low||Medium||Company rep, customer trust, data, services|
|Technical Risk||Over/under provisioning||Medium||Medium||Access control, company rep|
|Malicious Insider||Abuse of high privileges||Medium||Very High||Company rep. data, employee and customer trust|
|Intercept Data in transit||Weak encryption, vulnerabilities in cloud||Medium||High||Company rep. data, intellectual property|
|Insecure/Ineffective deletion of data||Proper sanitization or data||Medium||Very High||Sensitive data, personal data|
|DDoS||Distributed Denial of Service Attack||Medium||High||Cloud Interface, Network, Customers, Company rep, service|
|Data Protection||Staorage in multiple locations||High||High||Company rep, data, service|
|Not part of CP||Network Breaks||Medium||Medium||Service|
|Social Engineering||Lack of security & awareness||Medium||High||Intellectual property, data, emp & customer trust, reputation.|
|Natural Disasters||Lack or recovery plan||Very Low||High||Back-ups, all of the above|
Strengths & Benefits:
- Security measures are cheaper when implemented on a large scale.
- Data is replicated in multiple areas – increasing redundancy and independence from failure.
- Local network problems are less likely to have global side effects.
- Larger scale systems can develop more effective incident response capabilities.
- Threat management is increased since the larger corporations that own the cloud can afford the generalists to deal with specific security threats that smaller companies cannot.
- Reduces cost of running personal servers
- Access to better technology
Weakness and Costs:
- External CP will depend on network bandwidth
- Integration of variety of software, integration can be very costly
- Different configuration panel controls, learning curve for IT department
- Configuring mixed modes between physical, virtual & cloud
- Reports on performance could be hidden
- May not integrate with current management controls
Alex Gutman and Martin Perlin. (February 2011) 8 Cloud Building Conditions You Need for Taking your Data Center to the Next Level. www.evolven.com. Retrieved from: http://www.evolven.com/blog/8-cloud-building-conditions-you-need-for-taking-your-data-center-to-the-next-level.html
Daniele Catteddu, Giles Hogben. (n.d. Cloud Computing Risk Assessment — ENISA. Retrieved from http://www.enisa.europa.eu/act/rm/files/…/cloud-computing-risk-assessment
Naushad K. Cherrayil. (October 7, 2011). Cloud computing is the future of networking retrieved from http://gulfnews.com/business/technology/cloud-computing-is-the-future-of-networking-1.886905