What are the main benefits & risks associated with using cloud applications?
Cloud computing is one of those phrases that for many years was spoken with derision, much like the “Internet of Things” currently is. We’ve seen, though, a real appreciation for cloud computing in all of its forms (SaaS, PaaS, IaaS) these days, and for good reason. Much of the trouble with cloud usage lies with the perception of infrastructure and software being done “one way” regardless of how and where it’s being deployed. Over the years, I’ve worked on green-field cloud deployments and migrations from existing architecture and have discovered a nasty reality: people just don’t understand how to leverage cloud computing.
Cloud, in its purest form, should allow you to map neatly to NIST SP800-146 for aspects like on-demand self-service and rapid elasticity. These concepts for many technology users are actually more foreign than you might guess. As a result, they are left trying to take square pegs (existing mindsets on infrastructure & apps) and shove them into round holes (cloud architecture). The risk here is that they will spend a lot of time, money, and talented people building systems and processes that are going against the grain of cloud computing.
Free Download: Is An Outright Ban On Workplace Social Networking A Good Idea?
Consider an organization whose architecture has high-end firewalls, network-based intrusion detection systems, highly tuned security event monitoring, and VPN-only accesses to their most prized servers and services. Now throw them head first into cloud computing, and what you have is a governance, risk, and compliance nightmare. Without guidance, people will forget that their strong exterior security is now squishy and malleable. They’ll also fail to remember that data stored through service providers may not adhere to the regulations of their government or international clients.
Indeed, cloud computing’s power and flexibility is sadly the place where failure occurs due to a lack of vision of how to make cloud computing work best, as well as shoddy efforts at shoehorning existing methodologies and technologies into this powerful ecosystem.
Mark Stanislav | Duo Security | @markstanislav
To find out more about our panel members visit the biographies page.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.