Outsourcing services to the cloud is quickly becoming a business strategy, as cloud services offer organizations increased reliability and scalability at a reduced cost. Combining a business model and a delivery model for a shared pool of resources such as applications, IT components, servers and storage, cloud services are typically delivered in the form of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
Cloud services offer a number of advantages, including scaling, cost savings, and increased reliability, resilience and availability. They give institutions the flexibility and agility to scale computing resources up or down with an optimized, low lead time.
Alongside the advantages cloud services provide an organization, there are many security-related risks associated with the attractive public cloud deployment model. The multitenancy and ubiquitous characteristics of the cloud create an environment that is conducive to security risk. Other risks are associated with data access, the CIA (confidentiality, integrity and availability) of security, regulatory compliance and so on. Cloud computing also increases the complexity and difficulty of providing adequate oversight to maintain accountability and control over deployed applications and systems throughout their lifecycle.
Though cloud service providers put the necessary physical and logical controls for cloud security in place, the institution that outsources to the cloud should take responsibility and accountability for maintaining oversight and managing the risk adopted by the cloud service provider. Appropriate planning is required to ensure the cloud environment is as secure as possible and is compliant with all relevant governance, such as organizational policies and data privacy.
Unlike on-premise environments, where access can be more tightly controlled and administered by security specialists, cloud environments can intrinsically introduce security concerns that all cloud computing professionals and outsourcing organizations need to be aware of, and for which they need to have a baseline understanding.
Reference: Architectural Requirements for Cloud Computing Systems: An Enterprise Cloud Approach, © Springer Science+Business Media B.V. 2010
Cloud computing is still considered an emerging information technology area, and thus careful consideration of the sensitivity of data is required. The SLAs offered by cloud service providers are mostly non-negotiable, and organizations fail to see that these SLAs favor the cloud provider more than the organization.
When non-negotiable SLAs are involved, responsibilities normally held by the organization are given over to the cloud provider, with little recourse for the organization to address problems and resolve issues that may arise to its satisfaction. Reaching agreement on the terms of service of a negotiated SLA for public cloud services can be a complicated process fraught with technical and legal issues. Pink Elephant provides guidance on attaining a negotiated SLA.
Considering the growing number of cloud providers and the range of services offered, organizations must exercise due diligence when moving functions and related IT services to the cloud. Decision making about new services and service arrangements entails striking a balance between benefits in cost and productivity and drawbacks in risk and liability.
Reference: Service-Oriented Cloud Computing Architecture, © 2010 IEEE Computer Society
Pink Elephant provides guidance on:
- Business justification for embarking on the use of cloud services.
- Designing and implementing a cloud solution.
- Realization assessment of unique or valuable organizational benefits that are a source of differentiation and competitive advantage in moving to the cloud.
- Assessment in designing and implementing an SLA for the cloud.
- Review of non-negotiable service agreements and negotiable service agreements.
- Aligning the public cloud computing environment with organizational security and privacy governance.
- Ensuring client-side computing environment meets organizational security and privacy governance.
- Review of existing security architecture to ensure measures against social engineering attacks.
- Black-box and white-box testing processes that test primarily against SLAs based on availability, reliability, performance and security, with additional stress and integration testing on top.
Pink Elephant’s Certified Cloud Technology Professional offers professionals proficiency in the fundamental cloud computing concepts, terminology, advantages, disadvantages, and general implications of using and combining common cloud computing mechanisms and cloud security mechanisms.