Determining The Risks Of Cloud Computing

Article by Ron Frechette

The adoption of cloud computing solutions has become extremely popular, almost to the point of necessity for building a profitable business. This cloud adoption phenomenon will only continue to grow as we journey further into the Digital Age.  There are many benefits to be gained by transitioning to the cloud.  There are also several security and compliance risks to consider.

Cloud Computing Defined

Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources such as networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Advantages of Cloud-Computing

  • Cost – the most significant benefit to cloud computing is IT cost savings. You can eliminate in-house client server storage and application requirements. This also eliminates associated costs such as power, air conditioning and administration.
  • Accessibility – cloud computing allows access to information from any PC or mobile device.
  • Dependability – cloud computing is much more dependable and consistent than in-house IT infrastructures. Most providers offer service level agreement (SLA) guarantees of around the clock access and little to no downtime.
  • Scalability On-Demand – you can expand and contract your IT needs by simply making a call or sending an email. Makes it easy to add new services, users or locations.
  • Shared Security and Compliance – most cloud service providers have a full time IT security and compliance staff to ensure they are providing their clients state-of-the-art security and they are up to date on all compliance mandates.

Disadvantages of Cloud Computing

  • Outages – cloud service providers manage several clients simultaneously. This can create support challenges. There is also the risk of the cloud service provider experiencing technical outages. This can lead to services being temporarily suspended.
  • Accessibility – If your business experiences a power outage, you will not have access to applications, server or data from the cloud services provider.
  • Security – Although cloud service providers are mandated to implement the best security standards and industry certifications, storing data and important files on external service providers always opens The ease in procuring and accessing cloud services can also give bad actors the ability to scan, identify, and exploit vulnerabilities within a system.
  • Limited Control – Since the cloud infrastructure is entirely owned, managed and monitored by the service provider, it transfers minimal control to the customer.

Top 6 Questions to ask Cloud Service Providers:

  1. What type of compliance certifications does your company hold?
    1. ISO 27001, SSAE 18 (SOC1, SOC 2, SOC 3 Reports) are important to have.
    2. PCI DSS Report on Compliance should be required if they process, store or transmit credit card data on behalf of your practice.
    3. If you are healthcare business, HIRUST certification would be of most interest.
  2. Can you share third-party auditor reports?
  3. Do you perform annual security risk assessments? Can you provide the results?
  4. Do you perform annual penetration testing? Can you provide the results?
  5. Do you have a disaster recovery and business continuity plan in place?
  6. Is your facility open for a physical walk-through inspection?

The answers to these questions will help you determine quickly if a cloud service provider is worth pursuing as a partner.

In closing, security around cloud computing solutions has improved dramatically over the past decade due to the increased demand for global connectivity.  The key is having the knowledge and knowing the right questions to ask… which now you have!

For more information on how you can implement these types of controls into your organization, send me a tweet @GoldSkyRon.  Until next month… wishing you a safe and prosperous journey in cyberspace!

GoldSky Security offers small and medium sizes business cybersecurity solutions across the US and currently has offices in Orlando, Florida and in Denver, Colorado.

Questions? Send me a tweet: @GoldSkyRon or email ron.frechette@goldskysecurity.com

Sources:

https://en.wikipedia.org/wiki/Cloud_computing_security