Welcome!

@CloudExpo Authors: Yeshim Deniz, Dana Gardner, Pat Romanski, Liz McMillan, Elizabeth White

Related Topics: @CloudExpo, Microservices Expo

@CloudExpo: Blog Feed Post

What Are the Cloud Computing Challenges and Risks?

Part 1: Cloud Security Advantages!

Perhaps by now, after you have read the:

- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?


you may be asking the following questions, among many others:

Where is my data?
• How does my data securely enter and exit the cloud?
How is my data protected in transit?
Who has access to my data?
• Who is accountable if something goes wrong?
• What’s the disaster recovery plan, including response to a pandemic?
• How to comply with Export and Privacy laws?
• Will my data disappear when my online storage site shuts down?

What happens if my cloud provider disappears?
How is the environment monitored for OS / DB / application failures and how are we notified?
How is the data protected and secured from theft and damage? Encrypted? and how are the
encryption keys rotated and managed?
• How easy is it to integrate with existing in-house IT?
• Does the system have enough customization capabilities to suit my needs?
Will on-demand cost more? What is the sweet-spot to consider when weighing Cloud vs inhouse?
• How difficult is it to migrate back to an in-house system? Is it even possible?
• Are there any regulatory requirements on my business that can prevent me from using the cloud?

You are not alone, as you can see by the results of the following poll:



Permission to use image provided by Frank Gens - http://blogs.idc.com/ie/


And let's start with probably the biggest one:

Security Issues in Cloud Computing Environments (Advantages and Challenges)

Research showed that the most common concern about implementing Cloud programs was security and privacy, a finding supported by an IDC study of 244 CIO's on Cloud Computing where 75% of respondents listed Security as their number one concern.

"With services such as Google's SaaS, data loss is less likely because the information is accessible from anywhere and anytime without saving it to an easily lost or stolen USB stick or CD" (Eran Feigenbaum, director of security for Google Apps)

Most organizations pay extraordinary attention and devote considerable resources to IT security, but that doesn't mean that their data is any more or less secure. The reality is that many attacks come from a lack of timely software update management and server misconfiguration. And the likelihood of such issues occurring (at least as frequently) is greatly reduced in the Cloud, where security-patching process is more streamlined than in a typical enterprise: vendors, servers and software architecture tend to be more homogeneous, and due to economies of scale, there is staff dedicated to security, ensuring application of the latest security patches.

In addition, the larger Cloud providers tend to have a better grasp of threats, because these people deal with security issues at more complex levels than your own IT team sees on a daily basis.

Let's look at some Cloud Security Advantages before looking to the Security Challenges:

Cloud Security Advantages

• Data fragmentation and dispersal are held by Unbiased Party (cloud vendor assertion); in fact,
shifting public data to an external cloud reduces the exposure of the internal sensitive data
Survey says that more than one-third of IT professionals abuse administrative passwords to access confidential data (in
http://www.internetnews.com/breakingnews/article.php/3824296)
• Cloud homogeneity makes security auditing/testing simpler
Dedicated Security Team
• Rapid Re-Constitution of Services
• Greater Investment in Security Infrastructure (Real-Time Detection of System Tampering; Low- Cost Disaster Recovery and Data Storage Solutions, Hypervisor Protection Against Network Attacks)
1 In 5 Companies Cutting IT Security Spending in 2009 (in
http://www.informationweek.com/news/storage/security/showArticle.jhtml?articleID=218100139&cid=RSSfeed_IWK_All )
• Simplification of Compliance Analysis
• On-Demand Security Controls


However, that doesn't mean you should blindly assume instant security when you opt for a services provider. Verify the Cloud provider procedures, even if that provider has security certifications.

So, in the next article we will look at some Cloud Security Challenges.
Thanks, and please let me know how can I help you.
Maria Spínola
http://www.twitter.com/MariaSpinola

P.S. Also see:
- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?

Read the original blog entry...

More Stories By Maria Spínola

Maria Spínola is a Researcher, White Paper Author and Copywriter, and Cloud Computing Evangelist and Advisor with more than 15 years experience in enterprise information technologies.

She holds a Software Engineering degree and a "Marketing and Innovation in Retail and Distribution" pos-graduation.

CloudEXPO Stories
The graph represents a network of 1,329 Twitter users whose recent tweets contained "#DevOps", or who were replied to or mentioned in those tweets, taken from a data set limited to a maximum of 18,000 tweets. The network was obtained from Twitter on Thursday, 10 January 2019 at 23:50 UTC. The tweets in the network were tweeted over the 7-hour, 6-minute period from Thursday, 10 January 2019 at 16:29 UTC to Thursday, 10 January 2019 at 23:36 UTC. Additional tweets that were mentioned in this data set were also collected from prior time periods. These tweets may expand the complete time period of the data.
The use of containers by developers -- and now increasingly IT operators -- has grown from infatuation to deep and abiding love. But as with any long-term affair, the honeymoon soon leads to needing to live well together ... and maybe even getting some relationship help along the way. And so it goes with container orchestration and automation solutions, which are rapidly emerging as the means to maintain the bliss between rapid container adoption and broad container use among multiple cloud hosts. This BriefingsDirect cloud services maturity discussion focuses on new ways to gain container orchestration, to better use serverless computing models, and employ inclusive management to keep the container love alive.
Artificial intelligence, machine learning, neural networks. We're in the midst of a wave of excitement around AI such as hasn't been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. This time is (mostly) different. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Pattern recognition can equal or exceed the ability of human experts in some domains. It's developing into an increasingly commercially important technology area. (Although it's also easy to look at wins in specific domains and generalize to an overly-optimistic view of AI writ large.) In this session, Red Hat Technology Evangelist for Emerging Technology Gordon Haff will examine the AI landscape and identify those domains and approaches that have seen genuine advance and why. He'll also ...
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, answered these questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and cost-effective resources on AWS, coupled with the ability to deliver a minimum set of functionalities that cover the majority of needs – without configuration complexity.
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.