The Pros and Cons of Cloud Computing: Part 4

Here is Part Four of our four-part informational series on cloud computing.

Probably the most serious concern of IT professionals is the security of information hosted on the cloud. Because the data is dynamic and accessible to anyone who provides the proper access codes or passwords, the data is also at risk of hacking attacks. These problems were identified early, and are more prevalent than ever thanks to hacking attacks by groups like Anonymous and LulzSec. These have generated billions of dollars in costs and damaged the reputations of many high-profile organizations and even government agencies. To date, numerous IT industry commenters continue to be wary of the cloud due to continuing security vulnerabilities.

In 2008 (about the same time the cloud phenomenon was starting to stimulate the collective imagination of the IT industry), Gartner Consulting identified significant risks associated with cloud computing. Here are seven vulnerabilities they identified in an article in InfoWorld titled “Gartner-Seven Cloud Computing Security Risks”.

• Lack of privileged user access – within your organization it is possible to establish and police a hierarchical structure of access. This may not be possible with your cloud provider because they may lack physical, logical and personnel controls to establish and maintain these levels.

• Regulatory compliance – certainly this area is one of the primary drivers of records and information management. Some external compliance verification activities, such as audits, may be difficult or impossible to perform using a cloud provider. Other areas like chain of custody issues, access logs, and related metadata that may be required in e-discovery requests may not be created or maintained in a hosted environment.

• Data location – where is your data? Is it all in a single location, or is part of your data stored in multiple locations? Do all locations provide equal levels of physical security and adequate technical safeguards? Are policies strictly enforced and employees carefully screened in each location? Are data host sites subject to change without notice?

• Segregation of data – is your information combined with the information of other clients (and possibly competitors) on the same servers? Could this provide some avenue for unauthorized access to your data? What safeguards are in place, or could be put in place to mitigate risks associated with data from multiple clients posted on the same server?

• Disaster recovery – business continuity planning and infrastructure were introduced earlier in this article as a strength – of course, that is only true if the infrastructure is in place and BCP has been implemented throughout the facilities used for hosting. It is well worth the time to determine what will happen to your data if a disaster should occur.

• Investigative support – Gartner identifies this as a real problem area because logging exists for multiple clients, at co-location centers and at changing data center locations. Ask how e-discovery requests or data breach investigations would be conducted.

• Long-term viability – what would happen to your data if the hosting service goes out of business? If they give you your data back will it be in a format that you can actually use?

Cloud computing is still in its development stages and represents both significant opportunities and risks. For records and information management applications, a process of due diligence is warranted in order to maintain the security, confidentiality and integrity of the records and information management assets of the organization.

This series is courtesy of PRISM (Professional Records & Information Services Management).
