What are the Cloud Computing Challenges and Risks? (Part 1: Cloud Security Advantages!)

Perhaps by now, after you have read the:

- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?



you may be asking the following questions, among many others:

Where is my data?
• How does my data securely enter and exit the cloud?
How is my data protected in transit?
Who has access to my data?
• Who is accountable if something goes wrong?
• What’s the disaster recovery plan, including response to a pandemic?
• How to comply with Export and Privacy laws?
• Will my data disappear when my online storage site shuts down?
What happens if my cloud provider disappears?
How is the environment monitored for OS / DB / application failures and how are we notified?
How is the data protected and secured from theft and damage? Encrypted? and how are the
encryption keys rotated and managed?
• How easy is it to integrate with existing in-house IT?
• Does the system have enough customization capabilities to suit my needs?
Will on-demand cost more? What is the sweet-spot to consider when weighing Cloud vs inhouse?
• How difficult is it to migrate back to an in-house system? Is it even possible?
• Are there any regulatory requirements on my business that can prevent me from using the cloud?

You are not alone, as you can see by the results of the following poll:





Permission to use image provided by Frank Gens - http://blogs.idc.com/ie/


And let's start with probably the biggest one:

Security Issues in Cloud Computing Environments (Advantages and Challenges)

Research showed that the most common concern about implementing Cloud programs was security and privacy, a finding supported by an IDC study of 244 CIO's on Cloud Computing where 75% of respondents listed Security as their number one concern.

"With services such as Google's SaaS, data loss is less likely because the information is accessible from anywhere and anytime without saving it to an easily lost or stolen USB stick or CD" (Eran Feigenbaum, director of security for Google Apps)

Most organizations pay extraordinary attention and devote considerable resources to IT security, but that doesn't mean that their data is any more or less secure. The reality is that many attacks come from a lack of timely software update management and server misconfiguration. And the likelihood of such issues occurring (at least as frequently) is greatly reduced in the Cloud, where security-patching process is more streamlined than in a typical enterprise: vendors, servers and software architecture tend to be more homogeneous, and due to economies of scale, there is staff dedicated to security, ensuring application of the latest security patches.

In addition, the larger Cloud providers tend to have a better grasp of threats, because these people deal with security issues at more complex levels than your own IT team sees on a daily basis.


Let's look at some Cloud Security Advantages before looking to the Security Challenges:


Cloud Security Advantages

• Data fragmentation and dispersal are held by Unbiased Party (cloud vendor assertion); in fact,
shifting public data to an external cloud reduces the exposure of the internal sensitive data
Survey says that more than one-third of IT professionals abuse administrative passwords to access confidential data (in
http://www.internetnews.com/breakingnews/article.php/3824296)
• Cloud homogeneity makes security auditing/testing simpler
Dedicated Security Team
• Rapid Re-Constitution of Services
• Greater Investment in Security Infrastructure (Real-Time Detection of System Tampering; Low- Cost Disaster Recovery and Data Storage Solutions, Hypervisor Protection Against Network Attacks)
1 In 5 Companies Cutting IT Security Spending in 2009 (in
http://www.informationweek.com/news/storage/security/showArticle.jhtml?articleID=218100139&cid=RSSfeed_IWK_All )
• Simplification of Compliance Analysis
• On-Demand Security Controls


However, that doesn't mean you should blindly assume instant security when you opt for a services provider. Verify the Cloud provider procedures, even if that provider has security certifications.

So, in the next article we will look at some Cloud Security Challenges.


Thanks, and please let me know how can I help you.
Maria Spínola
http://www.twitter.com/MariaSpinola

P.S. Also see:
- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?


Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?

Cloud Computing gives you access to completely different levels of scale and economics in terms of the ability to scale very rapidly and to operate IT systems more cost-effectively than previously possible, as we can see by the results of the following poll:




We can say that the three main categories of benefits are:

1. delivery of service (faster time-to-value and time-to-market)
2. reduction of cost (CapEx vs. OpEx tradeoff and costs that are more competitive)
3. IT department transformation (focus on innovation vs. maintenance & implementation)

During economic downturns, the ability to speed up time-to-value and time-to-market becomes more critical than ever, and represents probably the most important benefit of the Cloud. Many companies are delaying projects unless they deliver a return on investment within weeks. With Cloud Computing, companies can speed up those times, because of the following benefits:

No upfront capital investments and less financial risk (allows companies to shift from capital to operational expenses, which also means better cash flow and a more competitive business); no more upfront huge capital investments on on-premise infrastructure (applications, servers, network, maintenance, licenses, hardware, facilities, etc.) with uncertain payoff and that may never be needed. After all, what if the benefits don't materialize? Too bad, the money's been spent! With Cloud Computing, you only pay for what you use when you need it and you can terminate the contract.

• Offers improved agility to deploy solutions (instead of taking months or weeks, now you just need days or hours) and choice between vendors (particularly when cloud interoperability becomes more of a reality than it is today)


Reduces the headaches of integrating and maintaining servers, storage & software, and eliminates mundane IT management tasks from skilled staff, leaving those tasks as the responsibility of the Cloud dedicated specialists. This allows your staff to concentrate on what they are skilled at, and to focus on things that drive the business: service innovation, in other words, rather than the drudgery of maintaining server uptime, installing yet another software upgrade, or adding yet another user account.


• Cloud computing also offers an on-ramp for your IT staff to recent computing advances such as non-relational databases, new languages, and new computing frameworks.

• Cloud Computing can lower IT barriers to innovation and increase interoperability between disjoint technologies


CLOUD COMPUTING: PAY FOR INNOVATION, NOT INFRASTRUCTURE ...

Maybe the best way to understand all these benefits is by giving an example:


Cloud Computing Benefits Example (IaaS)


Consider a researcher at a pharmaceutical company that needs to analyze a lot of data fast. If the results turn out as expected, the company could have a world-class success (and high profits) on its hands. But 25 servers are needed to crunch the huge volume of data!

• Scenario without Cloud Computing: wait until the purchase request is approved, wait until the servers arrive, wait until the servers are configured, etc. all of which can take several weeks or even several months. Let's say it takes three months. In an industry where the cost of delaying a product is estimated at $150 per second, that three months' wait would cost more than $1 billion.

• Scenario with Cloud Computing: the researcher clicks over to Amazon Web Services, configures the 25 servers in the Cloud in one hour, and within two hours has crunched the data. Total fee for the time using Amazon’s resources? Just $89.

Just a note: this isn't an imaginary example! This really happened at pharmaceutical company EliLilly, as you can see at:
http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1349671,00.html
Although this is a real-world example, there were some concerns about security and SLAs(Service Level Agreements) that Eli Lilly faced, such as: "How could they prove there was no trace of their data left in the Amazon Cloud? They had to take Amazon's word for it", and that's what we will address in the following sections.

IF ALL OF YOUR IT INFRASTRUCTURE (APPLICATIONS, DATA, SERVERS, ETC.) COULD BE MOVED 100% TO PUBLIC CLOUD MODEL, YOUR BUSINESS WOULDN'T NEED TO BUY ANY MORE HARDWARE, ANY MORE SOFTWARE, OR HIRE ANY ADDITIONAL IT STAFF.



So if Cloud Computing is all that, why isn't every business using Cloud Computing?

Well, because there are some risks – some major ones – and inherent challenges such as: the security of the enterprise data that is stored in the cloud, the risk of lock-in to cloud platform vendors, loss of control over cloud resources that are run and managed by someone else, reliability, governance, performance, human capital, compliance, integration with legacy systems. Some of these risks still don't have a industry-wide solution.

And that's what we will see in the next article: "What are the Cloud Computing Challenges and Risks?"

In the nexts articles, I will cover the followings points:

- What are the Cloud Computing Challenges and Risks?
- Real-World Cloud Computing Applications
- Cloud Computing Enterprise Implementation Road-Map

Thanks, and please let me know how can I help you.
Maria Spínola
http://www.twitter.com/MariaSpinola

P.S. Also see:
- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?

There was an error in this gadget