What are the main benefits & risks associated with using cloud applications?
First, we ought to clarify by what we mean when we say “cloud applications.” Do we mean SaaS, which brings with it benefits in terms of lower operational and capital costs associated with highly commoditized business applications but runs the risk of disconnected credentials that result in orphaned accounts and post-employment access to sensitive corporate data?
Or do we mean applications which we, as an organization, have developed and deployed in a cloud environment, aka “IaaS” which brings with it similar benefits but additionally offers ease of scalability at the risk of fewer security service options that can put data and availability at risk?
FREE Webinar TOMORROW, Oct. 21 at 3:30pm EDT: The Top 3 Threats to Retail IT Security and How You Can Defend your Data
Once we’ve established what kind of “cloud application” we’re talking about, we should then evaluate what kind of application we’re discussing. Are these finance or HR applications? Are they marketing campaigns or promotions? Are we thinking about IT management systems or documentation sites (like Wikis), or are we considering services like caching or access control or DDoS mitigation?
We can certainly generalize and simply say the benefits of cloud applications are agility, lower capital and operational costs and ease of scalability at the risk of security and, in some cases, performance. But that’s so general as to be almost useless except in the broadest of marketing discussions.
The benefits – and risks – associated with a cloud application, regardless of whether it’s SaaS or IaaS-deployed, have to be measured and evaluated in the context of each application and the value of its data to the organization, along with any regulatory consequences that may be incurred if something (Heaven forbid) were to go wrong.
Applications in the cloud, which are designed to be accessed by anyone from anywhere, are at greater risk than perhaps their more controlled and monitored, on-premise counterparts if they are without proper security and access controls. But some applications carry with them more risk than others due to the nature of their relationship to the business and the data with which they interact irregardless of where they are located.
Basically, the benefits and risks aren’t just about the location (cloud); they’re peculiar to the application and its data, and that analysis is best performed on an individual application basis.
Lori MacVittie | F5, Sr Product Manager | @lmacvittie
To find out more about our panel members visit the biographies page.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.