Sunday, July 6, 2008

Seven Risks of Cloud Computing

Networld Word has a good summary of a June 2008 study done by Gartner titled “Assessing the Security Risks of Cloud Computing.” Gartner defines cloud computing as a type of computing in which “massively scalable IT-enabled capabilities are delivered ‘as a service’ to external customers using Internet technologies.

Wikipedia has a more detailed definition of cloud computing:

Cloud computing refers to computing resources being accessed which are typically owned and operated by a third-party provider on a consolidated basis in Data Center locations. Consumers of cloud computing services purchase computing capacity on-demand and are not concerned with the underlying technologies used to achieve the increase in server capability.

The most common cloud computing platforms include Amazon’s EC2 service and Google’s Google App Engine.

I've become a pretty big fan of Google Docs which is a cloud application - it's what I use to type up my blogs and lots of other content. It's convenient because I can access my documents from just about any device connected to the Internet. I also don't have to worry about backing my content up, having a computer stolen with my work on it, etc. However, I've always been a little concerned about storing anything with personal information on a server anyone can try and access from anywhere in the world. There are other concerns too - here's the Gartner list as reported by Networld World:
  1. Privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the “physical, logical and personnel controls” IT shops exert over in-house programs.
  2. Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications.
  3. Data location. When you use the cloud, you probably won’t know exactly where your data is hosted. In fact, you might not even know what country it will be stored in.
  4. Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn’t a cure-all.
  5. Recovery. Even if you don’t know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster.
  6. Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing.
  7. Long-term viability. Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company.
You can read the full Network World article titled "Gartner: Seven cloud-computing security risks" here.

No comments: