Cloud computing is one of the fastest-growing technological and business segments in the IT industry. Both individuals and enterprises are questioning the controls in place to safeguard the information stored outside the “secure” corporate boundaries. Subashini et al. (2010) note that “security is one of the major issues which reduces the growth of cloud computing and complications with data privacy and data protection continue to plague the market.”
Additional concerns are privacy and compliance issues, especially for international enterprises. Different privacy acts and regulations require companies to safeguard their data and restrict its migration to different geographical locations. In addition, different countries and regions have different security standards and compliance models (such as GLBA, HIPAA, SOX and PCI) with which organizations are required to comply, so it is imperative that those aspects are reviewed and addressed. According to a recent statistic published by Ernst & Young (2009), “Only 34% of polled entities indicated they had an established response and management process in regards to privacy related incidents, while 32% have a documented inventory of assets covered by privacy requirements”.
Furthermore, ownership and control are additional issues that concern companies when they discuss the implementation of Cloud-based computing. Legal issues in data ownership and the lack of complete control of access to the stored information cause difficulties for organisations, which manifest themselves in a number of security-related issues, such as backup and disaster recovery. Ross Tisnovsky (2010) notes that “customers need formal contractual clauses to ensure data remains available if the supplier goes out of business or is acquired and for data redundancy across multiple sites”.
Finally, consistency and accuracy of the information should be considered when migrating sensitive data to Cloud-based infrastructure. For example, the Data Protection Act (DPA) 1998 requires entities to review the information stored for accuracy. When factoring in the issues discussed previously, such as ownership of the information and control over it, a process for ensuring the accuracy and consistency of the stored information should be considered and, in some cases, be part of a contractual obligation with the service provider.
Given the advantages Cloud-based computing offers, enterprises should ensure that data and application migration follow security best practices and standards such as the Open Web Application Security Project (OWASP) “Cloud Top 10 Security Risks” and “Security Guidance for Critical Areas of Focus in Cloud Computing” by the Cloud Security Alliance (CSA). Understanding security and ethical issues, adopting security frameworks and conducting periodic risk assessments associated with the use of a particular technology will reduce the negative exposure of the enterprise.
Bibliography
- Bublitz, Erich. 2010. "Catching The Cloud: Managing Risk When Utilizing Cloud Computing." National Underwriter / Property & Casualty Risk & Benefits Management 114, no. 39: 12-16. Business Source Premier, EBSCOhost (accessed December 8, 2010).
- Cloud Security Alliance (2009), Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 [online]. Available from: http://www.cloudsecurityalliance.org/guidance/csaguide.pdf (accessed December 8, 2010).
- Ernst & Young. (2009). Outpacing change. 12th Annual Global Information Survey [online]. Available from: http://www.ey.com/Publication/vwLUAssets/12th_annual_GISS/$FILE/12th_annual_GISS.pdf (accessed December 8, 2010).
- Farrell, Rhonda. 2010. "Securing the Cloud-Governance, Risk, and Compliance Issues Reign Supreme." Information Security Journal: A Global Perspective 19, no. 6: 310-319. Business Source Premier, EBSCOhost (accessed December 8, 2010).
- OWASP (2010), Cloud Top 10 Security Risks [online]. Available from: http://www.owasp.org/index.php/Category:OWASP_Cloud_%E2%80%90_10_Project (accessed December 8, 2010).
- Subashini, S., and V. Kavitha. "A survey on security issues in service delivery models of cloud computing." Journal of Network & Computer Applications 34, no. 1 (January 2011): 1-11. Business Source Premier, EBSCOhost (accessed December 8, 2010).
- Tisnovsky, Ross. 2010. "Risks Versus Value in Outsourced Cloud Computing." Financial Executive 26, no. 9: 64-65. Business Source Premier, EBSCOhost (accessed December 8, 2010).