Everyone has their own definition of risk. It varies from customers-to-vendors-to-users and so on. Risk, as generalized, is a vulnerable situation which could involve loss in some way or the other. Same goes with the RISKs in cloud computing, users are sceptical about the existence of the cloud resources and the technologies which vendors implement to make them stand out, which creates ambiguity about the foreseen RISK factors.
The insecurity of the users and cloud customers is due to:
Less control over the data
As the data is not in the premises, there might be a risk of it being stored with other data, resulting in lack of transparency on how, when, why and where it is processed. Other risks can be eavesdropping, DNS spoofing, and Denial-of-Service attacks as the Virtual Machines are connected remotely. There is a need to standardize data access and data protection policy since different countries have different legal polices when it comes to protecting the data.
Dependency on the cloud provider
Storing the data on the cloud server can be risky when the data center goes bankrupt, gets affected by natural disasters or by human manipulations, or other factors such as availability if the data center declares downtime/maintenance for the upgradation process for their own infrastructure, then the cloud resources become unavailable and cannot be accessed.
The data stored in the cloud can be shared among various owners as they share the same storage space. Many of the encryption algorithms are implemented to protect the data from being shared or accessed. Unusable data and risk can be encountered if the encryption goes incorrect, accidentally.
Lack of Standardization
Every provider has a different policy to manage data. Some of the cloud vendors may use encryption for data and inform their users, and some may not. In some cases, if uniform guidelines are not provided by cloud vendors it may create turmoil among the users in decision making.
Considering the challenges and ensuring the mechanism of assured data security runs smoothly, an analysis and approach like the one given below plays an important role –
- Cloud Computing Application – Identifying data that has to be stored in the cloud
- Cloud Computing Risk Assessment – Prioritizing vulnerabilities and risks, assign controls and ownership
- Prioritize Identified Risks – Assess the impact and risk levels for each liability and bottleneck
The redundant services provided by cloud vendors marks the approach about how the world reacts to the most frequent risks. Keeping this in mind, the cloud giants ensure that:
- For data storage, the cloud vendors provide different geographical regions along with the redundancy policy
- All cloud vendors provide their SLAs (Service Level Agreements) which describes all the Standards, which they are using to give the best services to their customers
- For data segregation, the cloud vendors have different approaches like Shared Web Plans, Standard Plan, Premium Plans, etc.
- With advancement in Technology solutions, the migration of data from one cloud vendor to another has become more feasible
- Data Centre security is also monitored by the cloud vendors as there are several compliance standards such as HIPPA (Health Insurance Portability and Accountability Act of 1996) and other standards such as PCI-DSS(Payment Card Industry and Data Security Standard) which are mandatory to be implemented, to execute and run the data centers
- Cloud vendors also provide VPN connections to the customers as per their requirements so that they can directly connect to respective resources on cloud
Most businesses are playing safe nowadays with an increase in the power of cloud computing. The risk estimation helps uncover some of the major risks, prioritize them and formulate a plan of action. Risk estimation done in advance contributes minimally to the implementation cost and maintains the project with the cloud resources in an enterprise.