Cloud computing continues to have a significant impact on the way enterprises operate, and companies are increasingly migrating to the cloud as a result of its value. But security and data privacy concerns are issues to consider before adopting cloud-computing services.
So says the nonprofit IT association ISACA <http://www.isaca.org> , in a new book, Security Considerations for Cloud Computing offering guidance for IT and business people to help them securely move to the cloud.
The book, available as a complimentary download for ISACA members and at $75 for non-members, details how cloud computing will gain importance as both the cloud and cloud-service-provider markets mature. Particularly in an economic downturn, the cloud can be perceived as a more cost-effective approach to technological support of the enterprise.
Before migrating to the cloud however, ISACA recommends considering the following which can increase risk:
Legal transborder requirements—Cloud-service providers are often transborder, and different countries have different legal requirements, especially concerning personal or private information.
Absence of disaster-recovery plans—The absence of proper backup procedures implies a high risk for any enterprise.
Physical security of computer resources—Physical computer resources can be shared with other entities in the cloud. If physical access to the cloud-service provider’s infrastructure is granted to one entity, that entity could potentially access information assets of other entities.
Data disposal—Proper disposal of data is imperative to prevent unauthorised disclosure.
Cloud provider authenticity—Although communications between the enterprise and the cloud provider can be secured with technical means, it is important to verify the identity of the cloud provider to ensure that it is not an imposter.
Just as cloud computing is about more than just IT infrastructures, platforms and applications, the developers of Security Considerations for Cloud Computing <http://www.isaca.org/cloud> stress that the decision to operate in the cloud should not be made solely by IT firms. The use of cloud services might entail high risk for the business and should be evaluated by responsible parties from the different control functions within an enterprise.
Yves Le Roux, CISM, principal consultant with CA Technologies and a member of the publication’s development team, said: “Cloud computing can present a number of challenges and risks with respect to security, privacy and trust. This book gives practical guidance to prospective cloud users on issues that must be addressed by business management and those responsible for ensuring the protection of information and business processes when selecting or implementing a cloud solution.”
According to Marc Vael, CISA, CISM, CGEIT, CRISC, international vice president of ISACA, “Many business and IT executives are still wondering if the cloud is a safe and secure option for (part of) their applications and data. Even though the advantages are presented very broadly in advertising and presentations by numerous cloud service providers, the risks around cloud computing can be high enough to create doubts—and the psychological effect of “giving away the data” to an external partner in the cloud cannot be underestimated. ISACA’s guidance on securely migrating to the cloud can help enterprises minimize the risks and achieve trust and value in the cloud.” Visit www.isaca.org/cloud <http://www.isaca.org/cloud> .
