Welcome!

@CloudExpo Authors: Zakia Bouachraoui, Elizabeth White, Liz McMillan, Yeshim Deniz, Pat Romanski

Related Topics: @CloudExpo, Microservices Expo

@CloudExpo: Blog Feed Post

What Are the Cloud Computing Challenges and Risks?

Part 1: Cloud Security Advantages!

Perhaps by now, after you have read the:

- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?


you may be asking the following questions, among many others:

Where is my data?
• How does my data securely enter and exit the cloud?
How is my data protected in transit?
Who has access to my data?
• Who is accountable if something goes wrong?
• What’s the disaster recovery plan, including response to a pandemic?
• How to comply with Export and Privacy laws?
• Will my data disappear when my online storage site shuts down?

What happens if my cloud provider disappears?
How is the environment monitored for OS / DB / application failures and how are we notified?
How is the data protected and secured from theft and damage? Encrypted? and how are the
encryption keys rotated and managed?
• How easy is it to integrate with existing in-house IT?
• Does the system have enough customization capabilities to suit my needs?
Will on-demand cost more? What is the sweet-spot to consider when weighing Cloud vs inhouse?
• How difficult is it to migrate back to an in-house system? Is it even possible?
• Are there any regulatory requirements on my business that can prevent me from using the cloud?

You are not alone, as you can see by the results of the following poll:



Permission to use image provided by Frank Gens - http://blogs.idc.com/ie/


And let's start with probably the biggest one:

Security Issues in Cloud Computing Environments (Advantages and Challenges)

Research showed that the most common concern about implementing Cloud programs was security and privacy, a finding supported by an IDC study of 244 CIO's on Cloud Computing where 75% of respondents listed Security as their number one concern.

"With services such as Google's SaaS, data loss is less likely because the information is accessible from anywhere and anytime without saving it to an easily lost or stolen USB stick or CD" (Eran Feigenbaum, director of security for Google Apps)

Most organizations pay extraordinary attention and devote considerable resources to IT security, but that doesn't mean that their data is any more or less secure. The reality is that many attacks come from a lack of timely software update management and server misconfiguration. And the likelihood of such issues occurring (at least as frequently) is greatly reduced in the Cloud, where security-patching process is more streamlined than in a typical enterprise: vendors, servers and software architecture tend to be more homogeneous, and due to economies of scale, there is staff dedicated to security, ensuring application of the latest security patches.

In addition, the larger Cloud providers tend to have a better grasp of threats, because these people deal with security issues at more complex levels than your own IT team sees on a daily basis.

Let's look at some Cloud Security Advantages before looking to the Security Challenges:

Cloud Security Advantages

• Data fragmentation and dispersal are held by Unbiased Party (cloud vendor assertion); in fact,
shifting public data to an external cloud reduces the exposure of the internal sensitive data
Survey says that more than one-third of IT professionals abuse administrative passwords to access confidential data (in
http://www.internetnews.com/breakingnews/article.php/3824296)
• Cloud homogeneity makes security auditing/testing simpler
Dedicated Security Team
• Rapid Re-Constitution of Services
• Greater Investment in Security Infrastructure (Real-Time Detection of System Tampering; Low- Cost Disaster Recovery and Data Storage Solutions, Hypervisor Protection Against Network Attacks)
1 In 5 Companies Cutting IT Security Spending in 2009 (in
http://www.informationweek.com/news/storage/security/showArticle.jhtml?articleID=218100139&cid=RSSfeed_IWK_All )
• Simplification of Compliance Analysis
• On-Demand Security Controls


However, that doesn't mean you should blindly assume instant security when you opt for a services provider. Verify the Cloud provider procedures, even if that provider has security certifications.

So, in the next article we will look at some Cloud Security Challenges.
Thanks, and please let me know how can I help you.
Maria Spínola
http://www.twitter.com/MariaSpinola

P.S. Also see:
- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?

Read the original blog entry...

More Stories By Maria Spínola

Maria Spínola is a Researcher, White Paper Author and Copywriter, and Cloud Computing Evangelist and Advisor with more than 15 years experience in enterprise information technologies.

She holds a Software Engineering degree and a "Marketing and Innovation in Retail and Distribution" pos-graduation.

CloudEXPO Stories
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 250 Breakout Sessions along 10 Tracks, as well as our signature Power Panels. Our Expo Floor will bring together the leading global 200 companies throughout the world of Cloud Computing, DevOps, IoT, Smart Cities, FinTech, Digital Transformation, and all they entail.
Eric Taylor, a former hacker, reveals what he's learned about cybersecurity. Taylor's life as a hacker began when he was just 12 years old and playing video games at home. Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. The government eventually caught up with Taylor and he pleaded guilty to posting the personal information on the internet, among other charges. Eric Taylor, who went by the nickname Cosmo the God, also posted personal information of celebrities and government officials, including Michelle Obama, former CIA director John Brennan, Kim Kardashian and Tiger Woods. Taylor recently became an advisor to cybersecurity start-up Path which helps companies make sure their websites are properly loading around the globe.
ClaySys Technologies is one of the leading application platform products in the ‘No-code' or ‘Metadata Driven' software business application development space. The company was founded to create a modern technology platform that addressed the core pain points related to the traditional software application development architecture. The founding team of ClaySys Technologies come from a legacy of creating and developing line of business software applications for large enterprise clients around the world.
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in this new hybrid and dynamic environment.
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomplished expert in Enterprise Architecture, Adi has also served as CxO advisor to numerous Fortune executives.