«
»

Reduce Cloud Computing Risks

By theblogger. Filed in High Speed Internet Information  |  
TOP del.icio.us digg

One of the main issues stated by business owners when thinking about moving information and processes to “the Cloud” is risk. Understandably, business owners are concerned about outsourcing confidential information and express concerns regarding the security of their information.  If you’re concerned about data and document security, consider using a virtual data room or highly secure extranet.

Another concern involves the sense of lack of control over corporate information and the inability to monitor the software processes used to organize the information.

Fortunately, new products are emerging that alleviate these common concerns. Two services worth keeping an eye on are cloud monitoring services and cyber-risk insurance.

Cyber-risk insurance generally covers damages which stem from failures arising from your use of online or internet-based technologies. For example, this type of policy can cover information loss, service outages resulting from server downtime, or hardware or software failures. According to the article, Cyber Insurance, Cyber Risk, and How to Protect Your Company, nearly 29% of U.S. firms use cyber-risk insurance. Of course, cyber-risk insurance does little to protect the confidentiality of your client’s data, but it does provide your business with coverage should a information loss occur.

Another way to manage risk in the Cloud is to diligently monitor the services provided by cloud computing vendor. This can be managed by using cloud management software. As explained in this Enstratus blog post*, cloud monitoring software can:

  • Make the underlying cloud more accessible
  • Extend security policies into the cloud environment
  • Protect from single cloud supplier lock-in facilitating mobility
  • Manage to your service level needs
  • Accommodate for financial controls and tracking
  • Audit and report for compliance

Of course, depending on the type of your business and your specific needs, using these types of services may not be a good fit. All the same, it’s useful to familiarize yourself with these offerings so that you can stay on top of the different opportunities that are available.  Doing so will allow you to better evaluate new products that may be more appropriate for your situation.

And, it’s certainly reassuring to know that innovative companies are addressing the concerns raised by small business people.  Likewise, this trend is simply further proof that, over time, the difficult ethical and security issues that cloud computing presents will be ironed out and cloud services will become all the more acceptable to all.

====

* Enstratus Blog Post – http://enstratus.typepad.com/blog/2010/06/what-is-cloud-management-and-why-does-it-matter.html

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • StumbleUpon
  • Technorati
  • TwitThis

This entry was posted on Saturday, August 28th, 2010 at 6:50 am and is filed under High Speed Internet Information. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Comment

  1. Comment by Dan Gross:
    Tuesday, August 31st 2010 at 10:04 am | 

    Most if not all of the data security and regulatory risks related to cloud applications could be avoided with an entirely different approach to using cloud-based applications which need to store sensitive data. The approach I refer to is to encrypt all sensitive data behind the corporate firewall, before it is ever sent to the server for storage and processing. In order for this to work, you need three capabilities: (1) a transparent mechanism to intercept, identify and encrypt all sensitive data being entered to the client (browser) and being sent to the server (cloud application); (2) a method of encryption that allows the cloud application to effectively process the data (e.g., search, sort, report generation) without ever needing to decrypt the data; and (3) a transparent mechanism to decrypt all encrypted data returning from the server to the client so that end users remain oblivious to all of this background encryption/decryption. With this approach, there is no danger of the server being compromised by a hacker or rogue employee as the encryption keys for all encrypted sensitive data are never present at the cloud servers! Thus, there’s no need for extra firewalls, policies, etc. This completely different cloud application data security paradigm provides privacy and regulation compliance with a minimum of fuss. You can read more about this approach at the home page of Navajo Systems.

Trackbacks / Pingbacks

Leave a Reply