Managing risk in the cloud

Mike Small, a member of the London Chapter ISACA Security Advisory Group, BCS Fellow and a senior analyst at KuppingerCole, on managing risk in the cloud

The key benefit of adopting a cloud approach is one of scale - the cloud provider can potentially offer a better service at a lower cost because the scale of its operation means it can afford the skilled people and state-of-the-art technology necessary to deliver a secure service.

In general, a large cloud provider is likely to provide a better and more secure IT service at a lower cost than a small to medium-sized enterprise can provide itself.

While the public cloud offers applications shared by multiple customers, the private cloud provides applications and infrastructure that are dedicated to a particular organisation. It allows organisations to outsource the management of their IT infrastructure while retaining tighter control over the location and management of the resources.

But the price to pay for this is that the costs are likely to be higher than for a public cloud because there is less potential for economies of scale, and resilience may be lower because of the limit on service resources available.

Adopting cloud computing may, then, save money, but how does it affect risk?

The information security risk associated with cloud computing depends on both the service and delivery models adopted, while the specific risks depend on the organisation and its individual requirements. The common security concerns include ensuring the confidentiality, integrity and availability of the services and data delivered.

To Continue Reading: Click Here
--------------------------------------
Source: cbronline.com