Cloud Computing and Security Short Comings

by Wendy O

Photo from 'GRC in the Cloud' article. http://0-web.ebscohost.com.opac.library.csupomona.edu/ehost/pdfviewer/pdfviewer?sid=3f5c25e1-4b40-4405-bf23-bee58d46998b%40sessionmgr111&vid=2&hid=108

Summary:

The article spoke about high profile companies which were recently scrutinized when they didn’t respond fast enough to data breaches earlier this year. However, what the public doesn’t realize is that if they had actually been storing their data with public cloud providers, it would have taken days just to establish where the data warehouses were located. It could have been significantly worse than what it was.

A problem with cloud computing is when investigation is needed on data. Some companies are contractually bound and cannot keep the cloud providers from auto-deleting previous data or recycling old back-up tapes. This can potentially cause legal issues with investigations. So, it is recommended for companies to be proactive and have a game plan prior to an incident occurring. A lot of cloud providers don’t provide such visibility because they want to be able to move their data around with ease. This is a reason why some experts advise companies to spend the money and keep their mission-critical systems in-house.

Response:

It was a great article. What I liked mostly about it, was that the author provided 7 questions to ask your cloud service provider, focusing on data back-ups, policies and procedures being in compliance with standard regulations, knowing where the data is stored and if physical access is allowed. Its important for companies to know, in worst case scenarios, how long it will take to get to their data. The last thing any business wants to do, is be out of compliance with any laws. The best type of relationship to have with a cloud service provider is constant communication and collaboration. There needs to be a stake from every angle of the spectrum so that vendors and customers are kept happy.

Citation:

Kontzer, T. (2011). Grc in the cloud. , (118), http://0-web.ebscohost.com.opac.library.csupomona.edu/ehost/pdfviewer/pdfviewer?sid=3f5c25e1-4b40-4405-bf23-bee58d46998b%40sessionmgr111&vid=2&hid=108.

3 thoughts on “Cloud Computing and Security Short Comings”

  1. This is a great article. I just did a blog on the definition of the cloud. This is more on the implementation of the clouds.

  2. I think cloud computing is the next big hit. It will revolutionize the way we store our information, having said that it also brings up security issue. Cloud computing does not have a great security feature. It has personal and private information stored in who knows what public cyber world. Which brings up the issue as of how safe is your information. I have high hopes that in the future cloud computing will have a much stricter privacy policy, one that will allow users to feel more at ease to use such advancements.

  3. I’m not too sure that the companies that outsource their storage can be liable for any loss of data that conflicts with federal regulations. If the company has no means to establish a proper site for storage, then commissions a third party that has met federal regulations, the client company cannot be held responsible for any discrepancies. This is why I disagree with having in-house storage. The company would save on many levels such as storage equipment, IT support, supporting personal, just to name a few.

Comments are closed.