Cloud computing is not merely a new concept, with big companies such as Google, Amazon and Apple offering their cloud services, it has now been used by more people for their personal reasons and lives, and also by more companies who want to enhance their IT infrastructures and have a system which is cost-free and easy to access. The cloud is considered to be the best method to do so, it has a lot of pros such as; being easy, quick, the large storage capacity, the reduced costs, the worldwide mobility, availability and flexibility, but it has a lot of risks within.
Data Security and Privacy
Cloud computing is flawed on its security, and therefore its privacy, being entirely based on the internet makes it vulnerable to any hackers attacks. Nowadays all the modern IT systems and more and more every piece of technology that we are using are connected to the internet and the level of vulnerability here is much the same as everywhere else. But it is not all bad, the fact that it is a distributed network also makes it easier for companies to quickly recover from such attacks.
Data protection is the biggest concern in Internet of Things (IoT) and therefore cloud computing, when confidential information is uploaded to the cloud service providers, it means that an amount of the end user’s security and privacy control is transferred to the cloud vendor. The biggest challenge appears when the cloud provider does not understand the end user’s security and privacy needs. The risk is that confidential information is shared with an outside party and therefore, the cloud computing users need to ensure that their providers are aware of certain data security and privacy rules and regulations.
Operational Security (Cyber Attacks)
Cyber attacks are an increasing problem, if the information is on internet then it is vulnerable to a cyber attack, and due to the size and significance of the cloud, security threats are around the corner and can cause a lot of problems when there will be an inevitable security breach. With the dependance to the internet and to the cloud services, the threat levels are increasing, and also the cyber criminals are changing their ways and finding new malware and force attacks to find those vulnerabilities of the cloud services. Even though most cloud providers have strict security measures, cyber attacks increase day by day and they are finding new ways to breach those measures. A security assessment on vulnerability of the cloud provider’s security measures against external attacks will be an adequate way to ensure that data on the cloud is protected
The attacks are not always from cyber criminals or from hackers, the biggest risks are also coming within the company. The insider attacks are possible and the shared access to cloud, raises the risk of other employees or other people accessing the users cloud. The Vodafone case where 2 million customer records were breached, showed the world that in fact an insider attack is possible and it’s an important problem to be considered. If the cloud can be accessed by another person or an employee, then everything that has been uploaded to the cloud; such as secret information, data and intellectual property becomes available to anyone.
Expensive for Big Enterprises
The cloud subscription and application fees differ from cloud to cloud and big transactions can be expensive for big enterprises; above all, enterprises that need to build a strong online presence or rely on vital support systems have to invest in expensive cloud solutions. Thus, although cloud is cost-efficient, for big enterprises centered on IT support systems, the use of cloud computing services can be a little pricey.
Monitoring while on the Cloud
When a company hands over cloud computing responsibility to a service provider, all the data would be handled by them. This could create a monitoring issue for the company, and that issue can be resolved by resorting to end-to-end monitoring over the cloud.
Data Availability and Business Continuity
Internet is the basis of cloud related services, so if the internet connection is lost or if there is a problem connecting to the internet, the businesses depending on a cloud service are at risk of their continuity and the availability of the data. In some events law enforcement agencies may also seize the data-hosting server, which can also cause an interruption to the service.
The cloud computing, mostly public cloud, is preferred because of individual multiple sharing of CPU, storage, namespace and memory but this also brings a big privacy risk for a lot of cloud users. With just one simple defect, the personal and private data of the users can be accessed or seen by others or hackers. Cloud users reported that they seen other people’s data from what was meant to be a new storage space.
Cloud Compatibility Issues
Cloud has another issue with is compatibility with all the IT systems in a company. The cloud is considered the most cost efficient option for companies; however, the problem emerges out of the fact that the company would have to replace much of its existing IT infrastructures in order to make the system compatible on the cloud. Also much of a company’s data, is stored on multiple servers, so this means that if a certain cloud center develops and issue and cannot be accessed, it might cause a serious problem for the company involved. This problem would increase if the data is stored in a server of a different country. The company needs to clarify if the provider can guarantee service availability even during periods of bandwidth interruption and similar other issues.
Record Retention Requirements
Cloud services are risky on the matter of record retention. There is no guarantee what will happen if the service provider decides to shut down the business or to terminate the contract with the cloud provider, and also getting back all of the data without it being shared or used by third parties will be impossible.
The cloud provider has the disaster recovery plans send to them, by the hosting of data and IT resources on the cloud. The problem will be that the data is never safe and can be permanently lost if the service provider’s cloud is for example; took down by an attack or a malfunction. It may happen and, it did happen in the past, that’s why it is crucial to always back up the important data or have an agreement regarding data loss to avoid any damages.
The data is owned by the user who uploaded the data, but with cloud computing that’s not always the case. In cloud the users are not the only owners of the data since the stored data is in cloud provider’s servers. Even some of the cloud contracts consist of clauses that makes the provider owner of the data, so in case of a breach there will be more legal protection. The cloud is located out of reach of the user and is maintained by third party service provider. The maintenance of the cloud is provided by the provider therefore, if a user wants to use a cloud service, it has to accept the risk of sharing their data.
Lack of Standardization
The regulations and systems change from cloud service provider to another. There are no clear and standard outlines or guidelines that control the services of cloud providers. Different cloud providers has different cloud systems and everyone is operating differently, therefore there is no generic or standard “safe cloud system” among the providers.
Today, cloud computing is a necessity for making a technology transaction or personal data storage, transfer, and so on. The utilization and with that, the risks of cloud computing are increasing. Although the cloud computing poses a lot of risks, and requires a lot of precautions and security measures; these risks are manageable and can be solved by some effort. When the stated issues are resolved, the benefits of the cloud computing will certainly arise.
Fielder A. et al., Cloud computing, Study prepared for the European Parliament’s Committee on Internal Market and Consumer Protection, 2012, http://www.europarl.europa.eu/committees/en/studiesdhtml?languageDocument=EN&file=73411. p.47
Priya Viswanathan, 2017, Problems Associated with Cloud Computing and How Companies Can Tackle Them
Rinkesh Kukreja, Critical Risks and Challenges of Cloud Computing
Technology Transactions, A Practical Guide to Drafting and Negotiating Commercial Agreements, Mark G. Malven, 2017
Author: Begüm Aksoy