Welcome!

@CloudExpo Authors: Elizabeth White, Jyoti Bansal, Steve Latham, Jim Hansen, Jnan Dash

Related Topics: @CloudExpo, Microservices Expo

@CloudExpo: Blog Feed Post

What Are the Cloud Computing Challenges and Risks?

Part 1: Cloud Security Advantages!

Perhaps by now, after you have read the:

- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?


you may be asking the following questions, among many others:

Where is my data?
• How does my data securely enter and exit the cloud?
How is my data protected in transit?
Who has access to my data?
• Who is accountable if something goes wrong?
• What’s the disaster recovery plan, including response to a pandemic?
• How to comply with Export and Privacy laws?
• Will my data disappear when my online storage site shuts down?

What happens if my cloud provider disappears?
How is the environment monitored for OS / DB / application failures and how are we notified?
How is the data protected and secured from theft and damage? Encrypted? and how are the
encryption keys rotated and managed?
• How easy is it to integrate with existing in-house IT?
• Does the system have enough customization capabilities to suit my needs?
Will on-demand cost more? What is the sweet-spot to consider when weighing Cloud vs inhouse?
• How difficult is it to migrate back to an in-house system? Is it even possible?
• Are there any regulatory requirements on my business that can prevent me from using the cloud?

You are not alone, as you can see by the results of the following poll:



Permission to use image provided by Frank Gens - http://blogs.idc.com/ie/


And let's start with probably the biggest one:

Security Issues in Cloud Computing Environments (Advantages and Challenges)

Research showed that the most common concern about implementing Cloud programs was security and privacy, a finding supported by an IDC study of 244 CIO's on Cloud Computing where 75% of respondents listed Security as their number one concern.

"With services such as Google's SaaS, data loss is less likely because the information is accessible from anywhere and anytime without saving it to an easily lost or stolen USB stick or CD" (Eran Feigenbaum, director of security for Google Apps)

Most organizations pay extraordinary attention and devote considerable resources to IT security, but that doesn't mean that their data is any more or less secure. The reality is that many attacks come from a lack of timely software update management and server misconfiguration. And the likelihood of such issues occurring (at least as frequently) is greatly reduced in the Cloud, where security-patching process is more streamlined than in a typical enterprise: vendors, servers and software architecture tend to be more homogeneous, and due to economies of scale, there is staff dedicated to security, ensuring application of the latest security patches.

In addition, the larger Cloud providers tend to have a better grasp of threats, because these people deal with security issues at more complex levels than your own IT team sees on a daily basis.

Let's look at some Cloud Security Advantages before looking to the Security Challenges:

Cloud Security Advantages

• Data fragmentation and dispersal are held by Unbiased Party (cloud vendor assertion); in fact,
shifting public data to an external cloud reduces the exposure of the internal sensitive data
Survey says that more than one-third of IT professionals abuse administrative passwords to access confidential data (in
http://www.internetnews.com/breakingnews/article.php/3824296)
• Cloud homogeneity makes security auditing/testing simpler
Dedicated Security Team
• Rapid Re-Constitution of Services
• Greater Investment in Security Infrastructure (Real-Time Detection of System Tampering; Low- Cost Disaster Recovery and Data Storage Solutions, Hypervisor Protection Against Network Attacks)
1 In 5 Companies Cutting IT Security Spending in 2009 (in
http://www.informationweek.com/news/storage/security/showArticle.jhtml?articleID=218100139&cid=RSSfeed_IWK_All )
• Simplification of Compliance Analysis
• On-Demand Security Controls


However, that doesn't mean you should blindly assume instant security when you opt for a services provider. Verify the Cloud provider procedures, even if that provider has security certifications.

So, in the next article we will look at some Cloud Security Challenges.
Thanks, and please let me know how can I help you.
Maria Spínola
http://www.twitter.com/MariaSpinola

P.S. Also see:
- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?

Read the original blog entry...

More Stories By Maria Spínola

Maria Spínola is a Researcher, White Paper Author and Copywriter, and Cloud Computing Evangelist and Advisor with more than 15 years experience in enterprise information technologies.

She holds a Software Engineering degree and a "Marketing and Innovation in Retail and Distribution" pos-graduation.

@CloudExpo Stories
SYS-CON Events announced today that Auditwerx will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Auditwerx specializes in SOC 1, SOC 2, and SOC 3 attestation services throughout the U.S. and Canada. As a division of Carr, Riggs & Ingram (CRI), one of the top 20 largest CPA firms nationally, you can expect the resources, skills, and experience of a much larger firm combined with the accessibility and atten...
What if you could build a web application that could support true web-scale traffic without having to ever provision or manage a single server? Sounds magical, and it is! In his session at 20th Cloud Expo, Chris Munns, Senior Developer Advocate for Serverless Applications at Amazon Web Services, will show how to build a serverless website that scales automatically using services like AWS Lambda, Amazon API Gateway, and Amazon S3. We will review several frameworks that can help you build serverle...
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
MongoDB Atlas leverages VPC peering for AWS, a service that allows multiple VPC networks to interact. This includes VPCs that belong to other AWS account holders. By performing cross account VPC peering, users ensure networks that host and communicate their data are secure. In his session at 20th Cloud Expo, Jay Gordon, a Developer Advocate at MongoDB, will explain how to properly architect your VPC using existing AWS tools and then peer with your MongoDB Atlas cluster. He'll discuss the secur...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buyers...
Imagine having the ability to leverage all of your current technology and to be able to compose it into one resource pool. Now imagine, as your business grows, not having to deploy a complete new appliance to scale your infrastructure. Also imagine a true multi-cloud capability that allows live migration without any modification between cloud environments regardless of whether that cloud is your private cloud or your public AWS, Azure or Google instance. Now think of a world that is not locked i...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, will present a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to m...
SYS-CON Events announced today that Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. The company co-innovates with customers and partners to deliver automated, scalable and secure network...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
SYS-CON Events announced today that SD Times | BZ Media has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. BZ Media LLC is a high-tech media company that produces technical conferences and expositions, and publishes a magazine, newsletters and websites in the software development, SharePoint, mobile development and commercial UAV markets.
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Historically, some banking activities such as trading have been relying heavily on analytics and cutting edge algorithmic tools. The coming of age of powerful data analytics solutions combined with the development of intelligent algorithms have created new opportunities for financial institutions. In his session at 20th Cloud Expo, Sebastien Meunier, Head of Digital for North America at Chappuis Halder & Co., will discuss how these tools can be leveraged to develop a lasting competitive advanta...
Building custom add-ons does not need to be limited to the ideas you see on a marketplace. In his session at 20th Cloud Expo, Sukhbir Dhillon, CEO and founder of Addteq, will go over some adventures they faced in developing integrations using Atlassian SDK and other technologies/platforms and how it has enabled development teams to experiment with newer paradigms like Serverless and newer features of Atlassian SDKs. In this presentation, you will be taken on a journey of Add-On and Integration ...
Now that the world has connected “things,” we need to build these devices as truly intelligent in order to create instantaneous and precise results. This means you have to do as much of the processing at the point of entry as you can: at the edge. The killer use cases for IoT are becoming manifest through AI engines on edge devices. An autonomous car has this dual edge/cloud analytics model, producing precise, real-time results. In his session at @ThingsExpo, John Crupi, Vice President and Eng...
There are 66 million network cameras capturing terabytes of data. How did factories in Japan improve physical security at the facilities and improve employee productivity? Edge Computing reduces possible kilobytes of data collected per second to only a few kilobytes of data transmitted to the public cloud every day. Data is aggregated and analyzed close to sensors so only intelligent results need to be transmitted to the cloud. Non-essential data is recycled to optimize storage.
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.