Security in Cloud Computing Revisited

Posted by Policyhubadmin on 18 September 2013
by Policyhubadmin

Definition

Cloud Computing is a business model for IT that enables convenient, on demand network access to a shared pool of IT resource that can be rapidly provisioned with minimal management effort and minimal interaction with the cloud service provider. Cloud computing is made possible by ‘virtualisation’, a technical model which enables savings in infrastructure and other costs and focuses IT professional management (both in the user organisation and in the cloud provider) on its core responsibilities. 

 

Background / Context:

Since 2009, the economic crisis has led to a lack of investment in many IT infrastructures and prompted a hunt for more cost effective alternatives. As a result, options for cloud implementation include public, private and hybrid models.

The benefits can be significant. Reasons for using a well managed cloud service include:

  • Dynamic reallocation and rescaling of resource, thus better resilience
  • More assured and integrated updating of machinery, applications and processes
  • Less effort needed for system administration by the client organisation
  • Lower cost per user than locally provided services
  • Enabling the business to concentrate on operations rather than IT

The need to continue to cut costs and improve performance has increased the take up of cloud services in a sometimes misguided perception that they are always cheaper and will provide a panacea for a wide variety of IT management problems. This is not always the case as there have been a number of operational failures caused by over optimistic faith in cloud services.

 

Key issues:

  • The rush to realise the benefits has not always been accompanied by adequate risk analysis. Care must be taken in:
  • Selecting the right processes, applications and information to be moved to the cloud whilst still guaranteeing security and regulatory, legislative and contractual compliance
  • Assessing the operational penalties and corrective action needed following a systems failure or a security breach in (virtualised) services previously under the client’s control
  • Assessing the whole life costs of setting up and managing cloud services
  • Assessing the security of cloud services, which have not yet always been designed with security in mind from the design phase
  • Remembering that three key issues remain central to security: confidentiality, integrity and availability (CIA).

The skill-sets needed to design, build and support secure cloud services are not yet widely available in the industry. Importantly, more CIA aware technical architects are needed to design secure cloud services.

 

 

To read the full report including the BCS position on the key security related issues click here

 Date of publication: March 2014

 

Post Comment

Only registered users of this site can post comments.
Please sign in here