“Risk varies inversely with knowledge.”
Despite cloud computing’s many benefits, it’s important to be aware of the risks and concerns when doing business in a cloud architecture.
- Security and privacy are two of IT professionals’ top concerns when considering moving to the cloud, either as a vendor, broker, or consumer. Typical security and privacy concerns include data storage and data transfer protection; vulnerability management and remediation; personnel and physical security; application security; data privacy; and identity management.
- Compliance requirements exist that must be met and secured. Some compliance concerns include business continuity and disaster recovery; security standards (ISO 27001); logs and audit trails (eDiscovery); and specific standards and governmental compliance requirements such as Sarbanes Oxley, Payment Card Industry (PCI), and the Health Insurance Portability and Accountability Act (HIPAA).
- Legal and regulatory concerns when providing cloud services and, subsequently, consuming them. These revolve around liability and recourse, intellectual property issues and terms, as well as vendor transparency regarding location of recovery data centers.
- Availability and the peak-load capacity that the vendor can carry. For example, current and prospective customers can scrutinize the uptime (and downtime) of Amazon Web Services and Google App Engine through CloudStatus.com to determine how healthy the services have been, monitoring their track record of service failures, latency, and throughput.
- There are no standards yet to ensure interoperability or migration between cloud providers. As such, cloud consumers should also be aware of vendor lock in when moving forward in the cloud ecosystem.
These risks are all considerations when implementing a cloud service and should be considered or discussed in the service-level agreement (SLA).
– Adapted from Victoria Kouyoumjian,The New Age of Cloud Computing and GIS