Dangers of Cloud Computing

“In the cloud” computing – using systems and resources outside of the Enterprise such as Salesforce.comLive Mesh – promises reduced costs and increased flexibility for a business. But what of the risks?

There’s an excellent feature on “The Dangers of Cloud Computing” here at CIO.com. The article discusses the potential risk associated with cloud-based services as well as some of the reasons why risk my be reduced as a result of using them:

One reason is that a cloud provider can invest more in security than any individual small business could, because the cost is applied across hundreds of customers. Another is that as soon as a cloud provider patches a security vulnerability, all its customers are protected immediately, unlike the case for downloadable patches that IT must apply itself.

For me, one of the most important points is made towards the end of the article:

When it comes to cloud computing, the experts fundamentally offer the same advice, which can be summarized by two very famous quotations, one an old Russian proverb that President Reagan liked to use–“trust but verify”–and the other by Intel’s famous former CEO, Andy Grove–“only the paranoid survive.”

That’s good advice and the process I use is to apply the same rigour to auditing cloud-based service providers as for other third party vendors. Don’t be afraid to question every aspect of their network management. In my experience the good service providers are open and transparent about the systems they have in place and the processes they use for managing them. After all , it’s your money they’re taking.

There’s an interesting new blog on the subject of cloud computing and security here at cloudsecurity.org.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Dangers of Cloud Computing: Critical Targets are few, just like a single platform environment ... Microsoft, Blackberry.... Physical Targets are obvious, just like 911, Cole, Kobar towers.... Easy Targets become harder to find, but always remain problematic to complete security. IT/S/M...Technology/Telecommunications was never meant to be centralized for robust security, because it is not possible; However, platform/technology diversity ("Open" and proprietary) and telecommunications distribution (FO, Skycat ...) does provide a possibility of survival. Governments/Businesses are non-academic traders that hope financial-based decisions with any skill/luck win win/profit. I think real academics would select to make an evolutionary model with "Open" diversity and resource distribution for increased survival/evolution potential in favourable or hostile environments. IOW: Don't be stupid ... Cloud Computing, like server/client, like ... should be part of the WebSOA mix, but all in one solutions are suicidal while easy too manage/administer/secure....