Managing risk in the cloud

The steps to preserve information assurance in a shift to cloud computing

Cloud computing allows the procurement of IT services from both internal and external suppliers to be optimised because the services are delivered remotely in a standard way. The cloud is not a single model, but covers a wide spectrum from applications shared between multiple tenants to virtual servers used by one customer.

The key benefit is one of scale; a cloud provider can potentially offer a better service at a lower cost because it has a large enough operation to afford the skilled people and state-of-the-art technology necessary for a secure service. In general, a large cloud provider is likely to provide a better and more secure IT service at a lower cost than a small to medium sized organisation could provide itself.

While the public cloud offers applications shared by multiple customers, the community cloud is confined to a selected group (for example, government or healthcare) and membership is strictly controlled. This reduces the risks from the activities of co-tenants while retaining many of the benefits of scale. The private cloud provides applications and infrastructure dedicated to a particular organisation, allowing it to outsource the management of its IT infrastructure while retaining tighter control over the location and management of the resources. The price for this is that the costs are likely to be higher than for a public cloud because there is less potential for economy of scale, and resilience may be lower because of the limit on resources available.

The information security risk associated with cloud computing depends on the service and delivery models, and the specific risks depend on the individual requirements of the organisation. Common security concerns across this spectrum are ensuring the confidentiality, integrity and availability of the services and data.

To Continue Reading: Click Here
--------------------------------------
Source: guardian.co.uk
By: Mike Small