Risks of public cloud usage
The use of public cloud computing can be very cost effective for IT divisions in large corporations but cloud computing also entails some serious risks.
Invoice issues.
How often does it not happen that license fees for invoices are not payd in time due to small administrative issues. This often gets solved within weeks, and if the software is running on your own servers it will keep running during those few weeks. But of the license fee is at the same time the rental fee for use of the service, it can well be that the service is interrupted after a few days or weeks. If the fee concerns the ERP software you need to pay the invoices your company will be in seriously jeopardized after only a few days.
Network
This remains far and away the No. 1 concern, and includes such subcategories as data protection and privacy, physical security and application security from a Software as a Service (SaaS) provider, and cutting through the hype.
For one, don't believe the "Trust me, I'm SaaS-y" marketing, be sure to ask questions about their security policies, and visit the data center to ensure physical security.
Do your own part to protect the data and make sure everything is encrypted before it hits the net.
Do your own part to protect the data and make sure everything is encrypted before it hits the net.
Password protection
Passwords are problematic, especially because malefactors now have the compute capacity -- ironically, available on public clouds -- to bust through them.
The US federal government is taking a leadership role in the development of a federated ID ecosystem that would protect against cyberfraud.
Earlier this month, the Obama administration announced it would create a Trusted Identities in Cyberspace program, to be led by a newly formed National Program Office within the Department of Commerce.
In Belgium we have the e-Id identity card with pki keys on the identity card.
Compliancy
Speaking of borders, they might in fact be virtual but they might just as well be physical. New regulations for the financial services, health care and insurance industries place restrictions on where data physically can reside and how long it should be kept. The regulatory environment is a little hostile," perhaps to overcome a notion that the cloud is a free-trade zone. For example, some information might not be able to cross the boundaries of a country, but it's next to impossible to know where in the public cloud data exists. Furthermore, it is the reponsability of the cloud customers to make sure that cloud providers are compliant with the regulations affecting their company's data.
The US federal government is taking a leadership role in the development of a federated ID ecosystem that would protect against cyberfraud.
Earlier this month, the Obama administration announced it would create a Trusted Identities in Cyberspace program, to be led by a newly formed National Program Office within the Department of Commerce.
In Belgium we have the e-Id identity card with pki keys on the identity card.
Compliancy
Speaking of borders, they might in fact be virtual but they might just as well be physical. New regulations for the financial services, health care and insurance industries place restrictions on where data physically can reside and how long it should be kept. The regulatory environment is a little hostile," perhaps to overcome a notion that the cloud is a free-trade zone. For example, some information might not be able to cross the boundaries of a country, but it's next to impossible to know where in the public cloud data exists. Furthermore, it is the reponsability of the cloud customers to make sure that cloud providers are compliant with the regulations affecting their company's data.
Data integration
One danger in using public cloud services is the natural aggregation of data in cloud silos. Integrating data residing in the cloud with an enterprise's back-end systems is no picnic, especially if the enterprise hasn't undertaken the organizational challenge of information integration. Companies that have organized their data sets well enough to use them across multiple platforms will be best positioned to take full advantage of cloud services.
It also will be important to get into the habit of encrypting data, tagging fixed data and consolidating storage repositories. Try to limit the number of cloud platforms that have to be supported.
Cloud experts also advise the use of ETL (extract, transform, load) tools to simplify the conversion of data from one format to another. The goal is to convert information into one common format -- most likely into the extensible markup language, or XML -- to make it more portable and searchable.
One danger in using public cloud services is the natural aggregation of data in cloud silos. Integrating data residing in the cloud with an enterprise's back-end systems is no picnic, especially if the enterprise hasn't undertaken the organizational challenge of information integration. Companies that have organized their data sets well enough to use them across multiple platforms will be best positioned to take full advantage of cloud services.
It also will be important to get into the habit of encrypting data, tagging fixed data and consolidating storage repositories. Try to limit the number of cloud platforms that have to be supported.
Cloud experts also advise the use of ETL (extract, transform, load) tools to simplify the conversion of data from one format to another. The goal is to convert information into one common format -- most likely into the extensible markup language, or XML -- to make it more portable and searchable.
Vendor lock-in
This thorny issue comes down to the evolution of standards for interoperability among different cloud providers. Let's say you don't like a change in policy made by your public cloud provider and want to move your workloads to another cloud provider. In this case, the cloud might as well be the proverbial Tower of Babel, even though many vendors are making interoperability more of a priority. Microsoft's Azure platform, which is tied directly to .NET, now has an open source software development toolkit for developers working with the PHP script language; and Salesforce.com Inc.'s once proprietary Force.com development platform supports Java application development.