The number of articles on cloud computing security risks is growing daily. However, is cloud computing any different than traditional architectures in terms of risk exposure?
First, let’s clarify the definition of cloud computing to mean a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Let’s also mention that there are several flavors of this offering, one of the fastest growing being SaaS and IaaS.
Taking away the dynamic scalability, neither of these are new offerings. Spam filtering (SaaS) has been accepted as a commoditized activity for some time now. This is almost always done in the cloud today. Admins feel comfortable with this decision even though email may contain some of the most sensitive data sent within an organization. Infrastructure as a Service (IaaS) has been the mainstay for hosting companies, Co-lo’s and third party data centers for decades. So how is today different?
The difference is that administrators are putting more reliance upon this cloud service, and in turn losing some control. It is important to keep in mind that the premise of cloud computing is not flawed. By thoroughly vetting a vendor before conducting business with them, a cloud computing solution is often times more efficient, cost effective, and reliable than a traditional deployment. The right questions need to be asked as related to your environment and risk threshold. Questions such as how is the data protected against other customers? Who has access to the information? What does the architecture look like? Things that would be done as an internal discussion would now be shifted to the hosting provider.
Administrators should take care now to begin understanding the risks posed to their environment by cloud computing and what they can do to minimize them. At the same time they should start looking for ways to leverage the benefits of SaaS and IaaS. In the long term, this is a trend that is here to stay and one that we can all benefit from.