Cloud Computing and It’s Associated Risks
As Cloud Computing makes the access to the applications easy, without any geographic constraints and comes with extra convenience in usage, more and more businesses today are relying on cloud computing technology for their business operations. In other words, they are indulging in Internet-based computing, wherein servers, storage and applications are provided to an organization’s computers and other digital devices via the Internet. General example of cloud services is Google apps, provided by Google and Microsoft SharePoint. It allows organizations to improve the creation and delivery of IT solutions by letting them access services more conveniently and cost-effectively.
Cloud computing comes in three forms; public clouds, private clouds, and hybrids clouds. In public cloud computing, a third-party provider provides services to external customers. In private cloud computing, business offers services to internal customers. Whereas, hybrid cloud computing is a mixture of cloud and in-house provided shared resources.
For a small and medium size business (SMB), adoption of cloud computing is currently gaining momentum. As in the SMB sector, there is often a lack of time and financial resources to purchase and maintain an IT infrastructure, cloud computing is widely accepted in these sectors. However, the rapid growth in field of ‘cloud computing’ has increased severe security concerns.
Cloud computing often raises concerns about security, data management risks, control and performance. The boom in cloud computing has given room to security challenges for the consumers as well as the service providers. After hacking and theft incidents being reported on some of the leading players in the recent past, everyone is taking a step-back and concentrating on their risk tolerance policy. However, like any technology, cloud computing also has its own risks. Let’s understand some of the major threats to cloud computing;
Loss of control: Cloud computing has completely changed the way IT services are delivered. Here, services are provided by external service providers. Therefore, organizations need to understand the risks associated with the loss of control of the IT infrastructure as well as data access control.
Data loss and leakage: As infrastructure resources are shared over the cloud, organizations should encrypt their data and have proper disposal procedures.
Risk during sign-up: It is quite simple to register with a cloud computing service. But, in many cases, the service provider seldom offers a free trial period. Organizations should be careful about that and realize their risks due to anonymous signup, lack of validation, service fraud, and so on.
Account hijacking: Account hijacking has become very common. Simple phishing and fraud schemes can allow a hacker to get access to your account. Organization should provide accurate knowledge about such problems to their employees.
Insecure interfaces: Application programming interfaces (API) that are used to create, manage, and monitor services may be subject to security vulnerabilities, thus posing the organization as well as the users at risk.
Shared technology: As multiple users share and store their data on the cloud servers, organizations should have appropriate protection and policies in place to keep their data secure.
Malicious insiders: It is not a compulsion for the organizations opting for cloud computing to have in-depth knowledge about the technical details of how the services are delivered. Though the service provider’s procedures, access as well as monitoring and compliance related issues are transparent to the organization using the service, without appropriate knowledge and control; the organization may be at risk.
Risk profile: There are many service providers for whom priority is functionality and benefits, while IT security is not a matter of concern for them. However, please keep in mind that without appropriate software updates, intrusion prevention, and firewalls, your organization may be at risk.
Activity of users: User’s activities such as visiting malicious web sites, clicking on malicious links embedded in e-mail messages, etc. can download malware to a local workstation. Organization should be aware about such activities and take appropriate precautions to protect their IT infrastructure.
Vulnerabilities in browsers: Cyber-criminals are continuously targeting user’s browser. By exploiting browser vulnerabilities, these criminals can get access to the same applications and data that the users access.
To ensure data integrity and business continuity, Accurate Risk Assessments can help organizations to identify, manage, and reduce their cloud computing risks.
By: Govind Rammurthy
MD & CEO, eScan