What are the main benefits & risks associated with using cloud applications?
One of the main risks in my opinion relating to our use of the cloud is ignorance of the implications for doing so.
Before we begin, let us be clear that the cloud has to do with a number of things including, but not limited to, outsourcing Mk2, data centres, external disk/computer, and third-party management.
If we can start to think about the cloud in this context, remembering it is just another file server sitting in another location, we are off to a good start. But that does not necessarily make the cloud a bad thing. What it really comes down to is an robust appreciation of the service, understanding the nuts and bolts, and entering into a relationship that is fully underpinned to awareness, information, robust contractual obligations, and SLA’s.
It is also highly recommended that notwithstanding what third-party providers tell you, you yourself should go investigate the details of each and every service. Please remember that once you have signed on the dotted, neglected due diligence as a result ignorance will show its teeth.
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.