644
VIEWS

11 Jul 2011

INFOTECH: Cloud Computing Can Be Turbulent for Organisations

Cloud computing is causing turmoil for many organisations as it becomes the latest technology innovation. Claus Tepper, Information Security specialist from The IQ Business Group says the issue lies in a thorough understanding of the inherent risks. “Companies know that they need to get on board, but are not sure as to how or why. Before adopting a cloud strategy there are specific risks that they need to be aware of.”

Tepper says that a cloud solution is hosted by a third party who ultimately has access to the data stored within the third parties physical infrastructure. “When contemplating a cloud migration or establishment, the challenge facing any organisation is data ownership and data security. No matter where an organisation decides on storing the data they are ultimately responsible for the protection and processing thereof.”

Legislation in South Africa is changing and once the Protection of Personal Information Bill (PPI) is enacted organisations could be held liable for not adequately protecting personal data. “This may be daunting and deter companies from implementing a cloud strategy. However, Europe and America have been subjected to similar regulatory requirements and have found value in storing and hosting data within the cloud environment. South Africa need not be any different but organisations must proceed with caution.”

Some of the inherent risks associated with Cloud Computing, Data Security and Privacy are:

1. Data Ownership and Responsibility

Organisations that have previously owned and managed their own data centres have always had full control of the processing and storage of their data. By deploying applications, systems or data in to the cloud, organisations lose physical control of the infrastructure hosting the data. These organisations are however still responsible for the protection of data now stored and processed in the cloud and must therefore make all necessary logical provisions to secure the data. Before organisations migrate to a cloud platform it is imperative that they define and implement (if not already done so) a risk management framework and use it to assess and address cloud specific concerns.

2. Regulatory Compliance

Local legislation may soon require organisations to protect data and information in accordance with the law. Generally, when hosting data in the cloud, organisations are unaware of where the data is physically stored. This introduces uncertainty around data privacy, laws in foreign countries, as well as local requirements. Once the Protection of Personal Information Bill is enacted, organisations must ensure that the country where their data is stored have substantially similar data privacy laws or provisions governing the cloud service providers. This requires a form of transparency from the cloud service provider in assuring the organisation that local security requirements are met and also foreign legal requirements. Cloud hosting service providers are often hesitant to disclose information around their security policies and controls as well as location of physical data centres. Regulators locally and in foreign countries may under certain circumstances require cloud service providers to decrypt data for inspection and/or it may be seized including the physical equipment if required. Being a platform of multi-tenancy, organisations must be aware of this and plan accordingly.

3. Infrastructure and Application Security

Hosting in the cloud means that organisations will be storing and processing their data on infrastructure that is not under their own control. It also means that the cloud service providers may use the same infrastructure to host data, system or applications for other, even competing organisations. This is called multi-tenancy. Ensuring that the cloud service provider adequately secures the infrastructure is complicated especially when the inner workings of the cloud is not revealed. With some transparency from the cloud service provider and security assessments, many of the risks can be mitigated in one way or another. Proper due-diligence and assessment of the various risks and controls implemented must be assessed on a regular basis. It must be contractually clear as to what the cloud service provider’s responsibilities are in this area as well as the rights of the customer with regards to assessments and access to information. Incorrect configurations or poorly secured components on your system/application, the infrastructure of the cloud service provider or your “neighbours” components may introduce vulnerabilities into the environment which could lead to the entire system being compromised.

4. Business Continuity

Ensuring Business Continuity is an expensive exercise especially when duplicate infrastructure is required which is generally not being utilised unless disaster has struck. Using the cloud as a disaster recovery site is a viable option and organisations need to consider this. Cloud computing can provide organisations with the necessary infrastructure to restore their data to and also allocate additional resources that could minimise the performance impact experienced by end-users. Organisations must however identify a cloud service provider beforehand and identify the requirements for a disaster recovery scenario. These requirements (including performance expectations) must be discussed and contracted with the cloud service provider to ensure that the requirements can be met and maintained in a fast paced changing environment. In addition to this it is highly recommended that a disaster recovery simulation is done at least once a year. The last thing any organisation needs is to realise that there are software compatibility issues during a restore of the systems and data.

Cloud computing presents an inexpensive business continuity offering in that organisation only pay for the resources they use. They can run their active information systems locally and replicate to systems in the cloud without paying expensive infrastructure costs they otherwise would. It is still imperative that the organisation ensures that relevant controls are in place to ensure business continuity and that testing is performed on a regular basis.

Tepper concludes that the service offering from cloud service providers can be beneficial to large, medium and small companies since infrastructure is shared, but cautions against a migration without proper due-diligence. Reminding organisations that it is important to understand that even though they may outsource technical aspects and obligations, they are still responsible and obligated to ensure privacy in the cloud.

INFOTECH: Cloud Computing Can Be Turbulent for Organisations

Business News Sector Tags: Infotech|

Advertising

Agriculture

Airconditioning, Refrigeration & Cold Storage

Beverages

Building and construction

Business services & consultants

Clothing & Textiles

Communication & communication equipment

Development & Research

Education & training

Electrical or Gas Services&Products

Engineering

Entertainment

Export or Import

Financial services

Food

Forestry, Furniture & Wood Processing

Healthcare Services & Products

Hotels & Restaurants

Human Resources

IT Services & Products

Mining & Quarrying

Miscellaneous

Office Equipment & Services

Paper printing & publishing

Personal Services

Property

Retail Trade

Safety & Security

Tourism & Travel

Translation

Wholesale Trade

Daily Newsletter Subscription






	Accommodation Foreign Exchange Directory Fax 2 Email Finance Furniture Online Casino Restaurant Shop Online Study IT Online Web Design Weddings Work from Home



	Company News Advertising Spaceacre Printed Shadenet Solutions Dashboard Integrated Marketing Globecreative Print Copy Rate-it.co.za o' Kagans Brand Aid Branded Water Just Mesh Home Focus Potencia Corp CC EasyPass Shadenet Ink Perfect Wedding GBN Online VMarke Seo Marketing Agriculture LogTag Temperature Recorders Cofinpar Airconditioning, Refrigeration & Cold Storage LogTag Temperature Recorders Beverages ULTIMATE WATER Branded Water NC Enterprise Building and construction Printed Shadenet Solutions Facn Technologies Westgate Fire & Security Services p.kunene cleaning solutions Heno Consulting & Projects Edison Lebone (Pty) Ltd Vero Training Contractors 4 Africa Shadenet Ink Business services & consultants Carl Greaves Insurance Brokers (Pty) Ltd Peachez Bookkeeping & Consulting CC Dashboard Integrated Marketing Niche Training and Development Rate-it.co.za Tendering for Contracts Training Ltd Cameron Jordan Business Brokers Uvhonelaphanda Unlimited Absolute Telecommunciation & Technology Solutions DikeT Connection consultancy and developmental services p.kunene cleaning solutions KTR Professional Placement Just Mesh Quality Quotes DV8 CONSULTING Success Motivation Institute South Africa GBN Online SmartMetro Clothing & Textiles o' Kagans Brand Aid Communication & communication equipment Absolute Telecommunciation & Technology Solutions Quality Quotes DV8 CONSULTING Development & Research Uvhonelaphanda Unlimited Education & training The Training Corporation Westgate Fire & Security Services Niche Training and Development Tendering for Contracts Training Ltd Uvhonelaphanda Unlimited DikeT Connection consultancy and developmental services Study IT Online Vero Training Electrical or Gas Services&Products Edison Lebone (Pty) Ltd Contractors 4 Africa Engineering Heno Consulting & Projects Vero Training Entertainment Niche Training and Development NC Enterprise Perfect Wedding Export or Import NC Enterprise Financial services Carl Greaves Insurance Brokers (Pty) Ltd KTR Professional Placement PayGate Payment Gateway SmartMetro Food ULTIMATE WATER Forestry, Furniture & Wood Processing Home Focus Decor and Furniture Healthcare Services & Products ULTIMATE WATER Branded Water Hotels & Restaurants Rate-it.co.za McGregor Country Cottages Human Resources KTR Professional Placement Just Mesh Potencia Corp CC IT Services & Products Spaceacre LogTag Temperature Recorders Facn Technologies Absolute Telecommunciation & Technology Solutions Study IT Online DV8 CONSULTING PayGate Payment Gateway Contractors 4 Africa Mining & Quarrying Cofinpar Cameron Jordan Business Brokers Miscellaneous o' Kagans Brand Aid Office Equipment & Services Quality Quotes Paper printing & publishing Dashboard Integrated Marketing Print Copy DikeT Connection consultancy and developmental services Personal Services FVS Marketing & PR p.kunene cleaning solutions Heno Consulting & Projects Potencia Corp CC Success Motivation Institute South Africa Perfect Wedding Property Cameron Jordan Business Brokers McGregor Country Cottages Retail Trade Print Copy Home Focus Safety & Security Facn Technologies Westgate Fire & Security Services Tourism & Travel McGregor Country Cottages Translation Way With Words Wholesale Trade Edison Lebone (Pty) Ltd

Name:
Email Address:

INFOTECH: Cloud Computing Can Be Turbulent for Organisations

Recent Gauteng Business News

Business News Sector Tags: Infotech|

Advertising

Agriculture

Airconditioning, Refrigeration & Cold Storage

Beverages

Building and construction

Business services & consultants

Clothing & Textiles

Communication & communication equipment

Development & Research

Education & training

Electrical or Gas Services&Products

Engineering

Entertainment

Export or Import

Financial services

Food

Forestry, Furniture & Wood Processing

Healthcare Services & Products

Hotels & Restaurants

Human Resources

IT Services & Products

Mining & Quarrying

Miscellaneous

Office Equipment & Services

Paper printing & publishing

Personal Services

Property

Retail Trade

Safety & Security

Tourism & Travel

Translation

Wholesale Trade

Daily Newsletter Subscription