Below, I have Performed a short qualitative risk assessment of cloud computing that may be used as guidance for any company thinking of moving to the cloud. Showing some of the strengths, weaknesses and benefits?
Risks
Risk | Description | Probability | Impact Risk | Affects |
Lock-in | Difficult to migrate from one service provide to the next. | High | Medium | Company Rep., Data, Service |
Loss of Governance | Loss of some control to CP and unknown roles | Very High | Very High | Company rep, data, customers trust, service |
Compliance Challenged | Compliance with regulations and certifications | Very High | High | Certifications, fines |
Business Rep Loss | Poor Service harms business during transition. | Low | High | Company rep, service, data |
Cloud service Terminated | Poor provider, lack of understandable terms | N/A | Very High | Rep, trust, emp loyaty, service |
Provider Acquisition | Mergers and buy-outs of CP | N/A | Medium | Rep, customer trust, emp exp, intellectual property, data, service |
Supply chain Failure | Lack of supplier redundancy | Low | Medium | Company rep, customer trust, data, services |
Technical Risk | Over/under provisioning | Medium | Medium | Access control, company rep |
Malicious Insider | Abuse of high privileges | Medium | Very High | Company rep. data, employee and customer trust |
Intercept Data in transit | Weak encryption, vulnerabilities in cloud | Medium | High | Company rep. data, intellectual property |
Insecure/Ineffective deletion of data | Proper sanitization or data | Medium | Very High | Sensitive data, personal data |
DDoS | Distributed Denial of Service Attack | Medium | High | Cloud Interface, Network, Customers, Company rep, service |
Data Protection | Staorage in multiple locations | High | High | Company rep, data, service |
Not part of CP | Network Breaks | Medium | Medium | Service |
Social Engineering | Lack of security & awareness | Medium | High | Intellectual property, data, emp & customer trust, reputation. |
Natural Disasters | Lack or recovery plan | Very Low | High | Back-ups, all of the above |
Strengths & Benefits:
- Security measures are cheaper when implemented on a large scale.
- Data is replicated in multiple areas – increasing redundancy and independence from failure.
- Local network problems are less likely to have global side effects.
- Larger scale systems can develop more effective incident response capabilities.
- Threat management is increased since the larger corporations that own the cloud can afford the generalists to deal with specific security threats that smaller companies cannot.
- Reduces cost of running personal servers
- Access to better technology
Weakness and Costs:
- External CP will depend on network bandwidth
- Integration of variety of software, integration can be very costly
- Different configuration panel controls, learning curve for IT department
- Configuring mixed modes between physical, virtual & cloud
- Reports on performance could be hidden
- May not integrate with current management controls
Reference:
Alex Gutman and Martin Perlin. (February 2011) 8 Cloud Building Conditions You Need for Taking your Data Center to the Next Level. www.evolven.com. Retrieved from: http://www.evolven.com/blog/8-cloud-building-conditions-you-need-for-taking-your-data-center-to-the-next-level.html
Daniele Catteddu, Giles Hogben. (n.d. Cloud Computing Risk Assessment — ENISA. Retrieved from http://www.enisa.europa.eu/act/rm/files/…/cloud-computing-risk-assessment
Naushad K. Cherrayil. (October 7, 2011). Cloud computing is the future of networking retrieved from http://gulfnews.com/business/technology/cloud-computing-is-the-future-of-networking-1.886905