Doomsayers will say what they must, but, you need to prepare for the worst and plan to deliver the best of the cloud to your organisation. It is true that there are risks attached to cloud computing. But, these risks are controllable if you know what they are and how they need to be handled. Let us examine some of the risks and understand how they can be mitigated.
The use of the Internet as the network makes cloud computing vulnerable. Several issues are often highlighted in context. First, the APIs used by cloud vendors are not checked for vulnerabilities by cloud users. This creates security problems. Second, most cloud solutions are multi-tenant solutions and vulnerabilities may be introduced at the software level, making the user content pregnable. Third, cloud computing may create several compliance risks, whatever the vendor may claim. Finally, proliferation of cloud subscriptions can complicate budgeting and IT spending and make it difficult to recognise patterns of spending, given the fact that cloud billing is usage driven.
Take a close look at the statements. You will realise that each of these problems can be effectively countered with the right tools. It is obvious that there are a number of measures that can be taken to ensure that any transactions conducted over the Internet are inviolable and cloud subscriptions do not become uncontrollable. All it requires is a little bit of common sense, tons of enforceable discipline, and plenty of planning. This is the most boring part of cloud migration, but an effort that will yield huge dividends to any organisation in the long run.
Companies launching on their cloud venture must lay down clear ground rules. A cloud purchase policy will be a good starting point. The policy must stipulate that all cloud subscriptions must be authorised by a central authority and branches or mobile users cannot subscribe to cloud vendors of their choice. If one centralised authority does all the cloud buying, it will be possible to have a complete and holistic picture of cloud spending.
Further, the centralisation of purchases will facilitate any other risk mitigation activity that the organisation may wish to undertake. For instance, the IT Administrator can examine in some detail the software deployments offered by the cloud vendor. Any multi-tenancy environments can be vetted before they can be accepted. The compliance offerings can be tested before data is transferred to the cloud. The encryption protocols offered can be evaluated for impregnability of the information being transmitted over the Internet and stored in the cloud repository. It will be a good idea to check on the disaster recovery functionalities before the final commitment is made.
The bottom line is: you are responsible for the security of your cloud. Forget what the doomsayers have to say!
