Security Shortcomings in Cloud Computing{2}


by Rizwan A
Summary:

The article talks about high companies such as RSA, Epsilon, and Sony which were recently scrutinized when they didn’t get back quick enough to all the data breaches earlier in the year. However, people didn’t realize was that if they had been storing their data with public cloud providers and it would have taken just days to establish where the data warehouses were located and it could have been significantly worse than what it was already.

The problem with cloud computing arises when investigation is needed on data. Some companies are contractually bounded and cannot keep up with the cloud providers from auto-deleting previous data or recycling old back-up tapes. This can potentially cause legal issues with investigations and due to this it is recommended for companies to be proactive and have a game plan prior to an incident taking place. A lot of cloud providers don’t provide such visibility because they want to be able to move their data around with ease. That’s the reason why some experts advise companies to spend the money and keep their mission-critical systems in-house.

Response:

This article was really great. Most appealing part was how the author provided 7 questions to ask your cloud service provider, focusing on data back-ups, policies and procedures being in compliance with standard regulations and knowing where the data is stored and if the physical access is allowed. It’s important for companies to know how long it will take to get to their data. The last thing any business wants to do is be out of compliance with any laws. The best type of relationship to have with a cloud service provider is constant communication and collaboration. There needs to be a stake from every angle of the spectrum so that vendors and customers are kept happy.

Citation:

Kontzer, Tony. “GRC in the Cloud.” CIO Insight. 30 July 2011. Web. 6 May 2012. <http://search.proquest.com/docview/886014328?accountid=10357>.