1 hour ago
Tiffanie Killgore
RE: Week 7 Discussion
Hello Professor and Class,
More and more businesses are switching to cloud computing, especially once we were tasked with working from home, “Simply put, cloud computing is the delivery of computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the Internet (“the cloud”) to offer faster innovation, flexible resources, and economies of scale.” [1] What this can mean to a business is the decrease in overall operating costs, the ability to run more effectively, and change what is needed within the infrastructure as the business evolves.
Although many businesses prefer this method, it does come with its risks and challenges and will be discussed a little more:
- data loss or theft
- data leakage
- account or service hijacking
- insecure interfaces and APIs
- denial of service attacks
- technology vulnerabilities, especially in shared environments
These can be quite substantial when it comes to a business that cannot afford to have these types of issues. I believe there are many pros to having a cloud infrastructure, and until my company decided to switch to a cloud environment, I was very skeptical. I felt that it would make it easier for hackers to disturb the service and cause a lot of downtime to the business. The cloud, just like anything, can have its technical problems such as reboots, network outages, and downtime, along with those listed above. With a cloud instance, the provider owns, manages, and monitors the cloud infrastructure, which to me gives the keys to the kingdom to the new service provider. The customer/business would be able to manage applications, data, and services operated on the cloud but would not be allowed to have access to critical administrative tasks such as updating and managing the firmware or accessing the server shell. I have also realized over time that as an IT professional, there is a lot of training and classes we are required to take to understand and operate the cloud functionality.
Organizations that can work through these little challenges should be based on standard risk management technologies. Although many companies have different ideas on risk mitigation, the overall components should be:
- To determine the organization’s needs (such as key security requirements)
- To assess risk •To select and implement controls to mitigate those risks
- To assess the controls and identify any shortcomings
- To monitor the controls to ensure they are functioning effectively, Following a risk management methodology almost always provides a better, more cost-effective solution than simply implementing the best practice controls that conventional wisdom dictates. [2]
Bottom of Form
