Web Links Directory - Free human edited web sites directory  - Article Details
CATEGORIES
STATISTICS
  • Active Links: 293846
  • Pending Links: 1214025
  • Todays Links: 0
  • Total Articles: 2460
  • Total Categories:
  • Sub Categories:

Cloud Computing - Assessing IT compliance and Legal Liability

Date Added: November 30, 2011 04:55:55 AM
Author: Astal Mark
Category:
Cloud Computing – How secure is it? IT risk isn’t easily transferred between parties, and assessing the risk associated with handing your data to a third party is crucial. It also pays to note that liability can’t be outsourced, regardless of the contract you‘ve made with the cloud provider. That is, if he loses your customers’ data, it will be your name in the headlines. ‘Customers will surely start to wonder if they can’t trust these firms [viz Epsilon] with their email addresses,’ says Dave Frankland, principal analyst at Forrester Research, ‘[and if it’s] really that smart to trust them with their credit card data, or with their mortgage.’ There are applications and types of data which organisations are quite happy to put in the cloud, for example, with Salesforce.com or Gmail. Yet Gmail was hacked in June 2011 and earlier, the Gmail accounts of US security firm HBGary Federal were hacked, resulting in complete and embarrassing exposure. It follows that the question isn’t a black-and-white ‘Cloud Computing or not?’ but rather: ‘how much Cloud Computing, for which applications and in what situations?’ WHAT ARE THE RISKS? To consider this carefully, we need to turn the cloud over and examine risk and liability. ‘On average, our research shows that cloud providers are less secure than on-premises IT infrastructure,’ Larry Ponemon said about the results of a recent survey by his institute. ‘and the reason that they don’t see security as their mission.’ He added: ‘CIOs and CISOs are starting to see this as a potential enormous risk ... because the environment is out of their control and they have to rely on the assurances of the cloud providers. The risks are compounded by the multi-tenancy, shared resource arrangements that are common with cloud providers. That means you’re sharing infrastructure with other cloud services customers, possibly even your competitors. What happens, for instance, when mechanisms that separate storage, memory, processing and routing between fellow co-tenants fail? How can you ensure IT compliance management in this environment? Here are some key issues for potential Cloud Computing customers to consider: •Multi-Tenancy: in large virtualised environments, the co-existence of sensitive information belonging to multiple discrete tenants is potentially hazardous; •Open door: the customer management interfaces of many cloud providers are internet-based, posing an increased risk to data security; •Data protection: there is limited control over how your cloud provider handles your data, which is complicated further by transfer of data between multiple clouds. You should look for cloud providers with high governance standards who offer compliance reports of their data processing, security activities and data controls; •Force Multiplier: by amassing data from multiple tenants in one place, cloud environments carry greater risk for wider collateral damage as we saw with Epsilon; •Virtual Storage: the dynamic nature of cloud computing makes it difficult to know where information actually resides. This lack of transparency can be a serious problem when data needs to be retrieved in the event of disaster or breach of contract; •Compliance across different geographic regions: this is a big issue for organisations with global distribution; you need to ensure that the cloud provider understands and can fulfill his responsibilities across a range of jurisdictions, with certainty; •Loss of governance: When you pass your data to cloud providers, you lose some control over its security. The cloud provider must therefore apply the same level of governance and security control as you would, and not leave exploitable gaps; •Compliance risks: Your certification for industry standards and regulations such as PCI DSS or ISO 27001 may be at risk if the cloud provider is not certified for these.
Ratings
You must be logged in to leave a rating.
Average rating: (0 votes)
Comments

No Comments Yet.


You must be logged in to leave a Comment.
ARTICLES
How to remove link from Wldirectory
Here is the short description, how to remove your link, if you no longer need it.
Get started with jewellery online shopping and find yourself many discounts and offers to avail
Today, Internet is the most versatile tools in the field of marketing. People generally uses it, as to advertise their business and products, as to attaing more and more money and also to get some merchandise.
Shared Hosting Cons And Professionals
Tie this to the fact that Bluehost offer a one month, full money back guarantee if you are unsatisfied for just about any cause. This would be particularly so as it pertains to multiple web hosting.of datacenters.
Monster Beats Headphones Outlet
A center channel is also included. When you are experienced enough, try your hand on starting your own recording studio.
Are you purchasing quality furniture?
When it comes to purchasing furniture you have so many places to choose from.