Mitigating Cloud Computing Risks
Introduction:
The cloud computing has significantly transformed the consumption and the delivery of the Information Technology by the businesses. Cloud computing is a standardized form of the information technology based capability which include the infrastructure such as the services, the platform as services or even the software as services which are being offered by the services providers and are intended to provide the end-user access via the Internet from their computers. With the availability of the cloud computing, data and applications are available to the user base of the organization whenever and wherever the user need to connect. Hence, the organizations do not necessarily need to keep the software and the hardware that are required to deliver those services.
The most recent research is the significant development by the use of the containers around the distribution of the applications, portability and cost effectiveness. Thus, the use of the containers will add the value of reducing the complexity since the containers will be removing the dependencies on the primary infrastructure services, thus reducing the complexity when dealing with those platforms.
Simple business metric has also been a recent research and trend in the cloud computing. This has been contributed by the fact that the cloud margins tend to fall while the enterprises are yet to develop the specific cloud applications, hence, the cloud vendors who include the HP, Microsoft as well as the Oracle will be helping the enterprises to evolve and provide the hosted services which will in return facilitate to cloud adoption.
Recent trend and research in the cloud computing has been in the cloud server technology which has adopted the use of the fatter servers that are capable of using Haswell CPU hence allowing for a larger instance or the more virtual machines on every server, in the memory database instances as well as the RMDA that refers as the Remote Direct Access memory over the Ethernet. Networking technology has been focusing on the on the (SDN) network-defined software that will be policy and rule driven network management. This will greatly encourage the accommodation to big data.
The risks and vulnerabilities associated with private clouds, public clouds, and hybrids are as follows:
-Environmental security: (Sosinsky, 2009)The computing resources and the users may concentrate in the environment of cloud computing will as well increase the concentration of security threats. Due to their significance and size, the cloud computing environment is mostly targeted by the bot malware and the virtual machines, some brute force attacks among other attacks. The organizations should always seek for the cloud provider access controls, enhance the vulnerability assessment observes as well as configuration management control to ensure adequate protection of the data.
-Data security and privacy: the confidential data that are hosted with the cloud services providers usually involves the transfer of quite a large amount of the organization’s control over the supplier’s data security. The cloud providers should always be aware of all the data safety and the rules of privacy as well as the regulations that apply to a particular entity. The organization’s vendors should also understand the security needs and data privacy of the organization.
-Record retention requirements: the organizations which are subject to the demands of the record retention, the managers of that particular organization should ensure that the provider understands what the retentions are so that they can meet them. (Marks & Lozano, 2010)
-Disaster recovery: When a cloud provider hosts the computing resources and the data of the company, the may make the cloud provider’s capabilities handle disasters vitally important to the organization’s disaster recovery plan. Hence, the organization should be aware of its cloud provider’s disaster recovery capabilities and ask them if they ever test those disasters.
-Data availability and the continuity of the business: the loss of the internet connectivity is usually a major risk to the continuity of the business. In order to avoid such scenario, the organization should enquire from the cloud provider to know the controls in place that ensures the Internet connectivity.In case the vulnerability has been identified, all access should be terminated to the cloud provider until the rectification of the vulnerability.
The Audits of the Information technology infrastructure may mitigate the security problems thus establishing trust in the supplier’s process and the infrastructure. Cloud environment, mostly lack confidence because of the non-transparent architecture as well as privacy measure which are taken by the providers and the missing security. (Rountree & Castrillo, 2014)Traditionally, the cloud computing audit did not cover the particular computing security. To provide a secure and trustable cloud, environment, the audit tasks need to have knowledge about the particular cloud characteristics as well as their environment. Additionally, whenever possible, they must be automated so as to run on a regular basis and immediately in case an individual infrastructure event takes place.
