Cloud Computing and Security Short Comings{3}


by Wendy O

Photo from 'GRC in the Cloud' article. http://0-web.ebscohost.com.opac.library.csupomona.edu/ehost/pdfviewer/pdfviewer?sid=3f5c25e1-4b40-4405-bf23-bee58d46998b%40sessionmgr111&vid=2&hid=108

Summary:

The article spoke about high profile companies which were recently scrutinized when they didn’t respond fast enough to data breaches earlier this year. However, what the public doesn’t realize is that if they had actually been storing their data with public cloud providers, it would have taken days just to establish where the data warehouses were located. It could have been significantly worse than what it was.

A problem with cloud computing is when investigation is needed on data. Some companies are contractually bound and cannot keep the cloud providers from auto-deleting previous data or recycling old back-up tapes. This can potentially cause legal issues with investigations. So, it is recommended for companies to be proactive and have a game plan prior to an incident occurring. A lot of cloud providers don’t provide such visibility because they want to be able to move their data around with ease. This is a reason why some experts advise companies to spend the money and keep their mission-critical systems in-house.

Response:

It was a great article. What I liked mostly about it, was that the author provided 7 questions to ask your cloud service provider, focusing on data back-ups, policies and procedures being in compliance with standard regulations, knowing where the data is stored and if physical access is allowed. Its important for companies to know, in worst case scenarios, how long it will take to get to their data. The last thing any business wants to do, is be out of compliance with any laws. The best type of relationship to have with a cloud service provider is constant communication and collaboration. There needs to be a stake from every angle of the spectrum so that vendors and customers are kept happy.

Citation:

Kontzer, T. (2011). Grc in the cloud. , (118), http://0-web.ebscohost.com.opac.library.csupomona.edu/ehost/pdfviewer/pdfviewer?sid=3f5c25e1-4b40-4405-bf23-bee58d46998b%40sessionmgr111&vid=2&hid=108.