Protecting the Cloud

It is apparent and established that significant benefits such as improved agility, enhanced flexibility, etc. have been cultivated by several organizations since cloud adoption. However the biggest challenge today is to ensure that high value information is completely protected and proper security mechanisms are implemented. Such risks, if not managed appropriately, may cause severe damage to business sensitive data, brand value and customer experience.

Certain flaws which can pose major risk in cloud computing are as follows:

1. Business problems & strategic objectives are not aligned with cloud initiatives
2. Proper user access control system is not defined and implemented through proper authentication, authorization, etc.
3. Information assets / Intellectual property are not protected efficiently through encryption, classification, etc.
4. Contractual breaches with partners or customers may lead to security loopholes for shared information
5. Poor quality of service or system outages may impact events such as operational disruptions, if not carefully planned, which may eventually manifest business loss and reputation

Below are some recommendations that can be followed to address risks:

1. Planned cloud value proposition will enable to create traceability with business strategy and thus provide benefits to measure the risks efficiently
2. Proper treatment mechanisms should be devised and applied such as data security, data location, business resilience, etc.
3. Selection of partners & third party service providers is important and in-depth care should be taken to assess parameters like eligibility criteria, financial stability, technical capabilities, etc.
4. Service level agreements needs to be clearly described with defined shared responsibilities between customers and service providers
5. It is important to isolate and encrypt sensitive data to minimise risk of unauthorised disclosure. There are several methods to perform encryption like cryptography, RSA encryption, etc.
6. Implement robust disaster recovery mechanisms for applications and data with carefully designed back-up mechanisms
7. Implement high availability cloud architecture to minimise disruption of service
8. Implement Network Access Control by enforcing policy, compliance and management of access control to a network
9. Develop strong Incident response plan by composing notification messages and distribute them to the affected parties in a timely manner and offer protective compensation such as credit monitoring services for financial information breaches
10. Generate risk awareness among all users by communicating expectations & protocols to avoids damages explicitly

When planned, implemented and governed with utmost care Cloud can deliver huge business value like accelerating innovation, transform customer experience and continuous service improvement while avoiding security threats and boosting reliability.