The Risks of Relying on the Cloud
Introduction
Cloud computing has been heralded as the future of IT, replacing a network of personal computers with massive server farms. This turns the future PC into a terminal connected to a central mainframe, the computing model of the 1950s. What are the risks of cloud computing?
Security
- Do you truly know if your data on the cloud has been compromised? And when the data is kept on a server, you may lose legal recourse to pursue the IT solution provider if information is lost or stolen. When you rent someone else's servers or pay to use space on the cloud, you are reliant upon their IT security and support personnel, as well as their willingness to inform you immediately when data is compromised.
- If you disaster recovery plan relies upon the same service provider who hosts your production data, you may want to consider another form of redundancy – such as a local copy of the data on a server you control. Otherwise, your backup is in the same place as your primary server; if one is compromised or unavailable, so might the other be.
- As Edward Snowden's revelations demonstrated, what is in the cloud isn't private, no matter how good the cloud service provider's IT security. After all, if the NSA has the files, they may share it or lose it.
New Vulnerabilities
- You become dependent upon external internet connections to access your data. If the internet connection for a company is lost but the LAN still functions, those working off of internal servers and personal computers can keep going. If everything is virtual, from your servers to your desktops, a lost network connection or simply excessive demand can cause all work to grind to a stop.
- Denial of service attacks against you or the data center shut you down. A DoS attack against your network or the cloud computing hub’s network could kill the lines of communication on which cloud computing is based.
Performance Considerations
- Moving data to a consolidated data center hosted by someone else introduces delays that do not occur if the information is stored locally.
- Even servers with adequate bandwidth could introduce delays when customers with higher priority use up most of the data center's bandwidth.
- Application hosting through the cloud may leave you dependent upon the software applications and versions the vendor chooses to make available. If you can control the software available, you may still be at the mercy of the vendor's maintenance schedule.
Financial Concerns
- Cloud computing is popular due to its on demand scalability. That is dependent upon the price sensitivity of the customer to the cost of more space and bandwidth.
- Moving software applications and data to the cloud does not eliminate the need for IT staff. You can and should have skilled IT professionals in charge of network security, maintaining your firewalls, looking for signs of data leaks within the organization, checking for viruses and unauthorized access and maintaining user permissions for access to the cloud.
- If the data center is located in another country, fluctuations in currency valuation could affect the price of the service. If you rely on a cloud service in your own country, you still face the risk that the cloud service of a smaller firm could be unavailable due to a natural disaster.
- GNU founder Richard Stallman warns that free and low cost cloud computing structures will likely become much more expensive as people abandon purchased hardware and software. Once they are reliant on the cloud for data and software, they are forced to pay whatever rate the providers charge.
Legal Issues
- If the cloud server hosts any data outside of your country, the act of storing information elsewhere could be a violation of import/export restrictions on sensitive information.
- When your data is stored “in the cloud”, it probably resides on data in massive data centers. These data centers may be in your state, in another state or even in another country. If the data is backed up on servers in another country, that nation’s laws on information security, financial data protection and privacy policies could create problems if they conflict with your laws.
How Hybrid Cloud Solutions Adds to These Problems
Using private clouds offers the scalability, flexibility and simpler management promised by cloud computing without the business risks of outsourcing business processes. However, companies then must rely upon internal expertise or hired contractors to set up and maintain a private cloud.
Hybrid cloud models, using a private cloud for some applications and a cloud service provider for others, increases the complexity of the implementation.
If the private cloud is set up to prevent some information from being stored on someone else's servers, you need to put policies and practices in place to prevent it from inadvertently reaching a location it should not be and have plans on how to completely remove it in case it is saved to the public cloud.