Risks and Vulnerabilities Associated with Public Clouds, Private Clouds, and Hybrid
Public clouds, private clouds, and hybrid clouds are different in several ways. The use of cloud computing poses various risks to the users of cloud computing. The following are some of the risks that are involved in the use of clouds.
Environmental security
The approach used in cloud computing is that many of the computing resources are located in a common cloud computing area (Romes, 2013). This concentration of resources and uses elevates the cloud computing environment which results in an increase in the number of threats. Cloud computing environments have an allure to attackers due to their significance to the users and their size (Romes, 2013).As a result, bot malware, virtual machines, and brute force attacks are a common occurrence in cloud computing environments (Romes, 2013).
The availability of data
Many business rely on the access of clouds for the continuity of their businesses. This is because the data stored in the clouds is vital for the operations of the businesses. The failure of the internet to connect poses a risk to the business. The loss of connectivity means that the business cannot access the clouds (Romes, 2013).This risk is also aggravated by the possibility that the machines and servers in which the data is hosted can be stolen or seized by law enforcement agencies. The result of such an action is the interruption of the business services that require the data that is stored in the servers that are seized or stolen (Romes, 2013).
Privacy and security of the data
The integrity of the data stored in the clouds is important to the business. The leakage of this data to the competition can give them a competitive advantage. Some of the other data is sensitive, such as customer credit card and contact data, and the businesses have an incentive to ensure the confidentiality of the data (Romes, 2013). By storing this type of data in the clouds, the business owner cedes and hands over a significant amount of the control of the fate of the data to the provided of the cloud services. Unscrupulous service providers might use such an opportunity to misuse the data stored in the clouds. The breach of the confidentiality in the stored data can have legal implications on the business owner, especially when the rules and regulations that relate to the business are transgressed (Romes, 2013).
Data recovery
Events might occur that lead to the loss of data stored in servers and machines. There are facilities thorough which the data can be recovered. However, some service providers may not have these capabilities. In this event, the business owner suffers a total loss of the data. This might have ramifications on the business operations (Romes, 2013).
Controls for Mitigating Risks and Vulnerabilities
The risks highlighted above are general ideas that characterize the vulnerabilities that affect cloud computing. However, there are more specific threats that have far reaching consequences for the businesses using cloud computing. The installation of controls is necessary to mitigate the vulnerabilities and risks highlighted above. Particular controls are only effective against certain threats. This implies that there is a need to use multiple controls in order to protect the information systems against multiple threats and to address different vulnerabilities. The table below highlights the specific control measures that can be used effectively against particular threats.
Audit Tasks
The performance of audit trails has been highlighted above as one of the controls that are require to seal loopholes that make the information systems vulnerable. Various audit tasks can be performed as a form of risk assessment as argued by Gadla (2011) or as a way of evaluating the security of the information systems. The audit tasks are featured in the list below.
Database integrity audit (Gadla, 2011).
Contractual compliance audit (Gadla, 2011).
Information media audit (Gadla, 2011).
Logical trespassing audit (Gadla, 2011).
Logical attacks audit (Gadla, 2011).
Selection of third-party suppliers audit (Gadla, 2011).
Performance of third-party suppliers audit (Gadla, 2011).
Technology selection audit (Gadla, 2011).
References
Gadla, S. (2011). Cloud Computing Risk Assessment: A Case Study. Retrieved from http://www.isaca.org/Journal/Past-Issues/2011/Volume-4/Pages/Cloud-Computing-Risk- Assessment-A-Case-Study.aspx.
Romes, R. (2013). The Benefits and Risks of Cloud Computing. Retrieved from http://www.claconnect.com/Risk-Management/The-Benefits-and-Risks-of-Cloud- Computing.aspx
Sen, J. (n.d.). Security and Security and Privacy Issues in Cloud Computing. Retrieved from https://arxiv.org/ftp/arxiv/papers/1303/1303.4814.pdf