Data Security & Privacy

Gartner Comes Out With Top 7 Cloud Computing Security Risks

 
On July 2, 2009, NetworkWorld published an article entitled, "Gartner: Seven Cloud-Computing Security Risks."  A brief synopsis of the article is that, according to Gartner, "Cloud Computing" is fraught with lots of tangible and intangible risks.  They suggest that a security assessment from a neutral third-party be conducted before an organization commits to a cloud vendor.  Gartner seems to reinforce what I have been advocating for all this time, namely that corporate fiduciaries have relied entirely too long on the expert advice of their IT professionals when dealing with matters of technology.   Not that I can blame them, most lawyers do not even know what "cloud computing" is, and therefore, how can a corporate fiduciary expect to be reasonably informed on the dangers and risks associated with doing business in the clouds? 
 
Gartner states that cloud computing has unique attributes that require risk assessment in areas such as data integrity, recovery, and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance, and audit, should be considered in the decision-making process.  Cloud computing, for the unitiated, according to Gartner, is defined as "massively scalable IT-enabled capabilities that are delivered ‘as a service’ to external customers using Internet technologies."  It will be interesting to see how the cloud-computing community will respond to Garnter’s suggestion that customers (1) demand transparency from their vendor; (2) avoid any vendor that refuses to provide detailed information on a security program; (3) inquire into the qualifications of policymakers, architects, coders and operators, risk control processes and technical mechanisms; and (4) demand a level of testing to ensure that service and control processes are functioning as intended, and that vendors can identify unanticipated vulnerabilities.
 
I highly doubt it that cloud computing vendors like Microsoft, Amazon, and Google, will allow customers to troll through their networks in performing a security assessment to determine what any potential risks could be, but the suggestion is correct.  The most likely reaction, by the cloud provider, will be, "if you don’t like the way we do things, go somewhere else."  The suggestions raised by Garnter are the pressing issues has the cloud computing world begins to open up more, but the reality is that business owners are still stuck in 20th Century business practices.
 
To read more about the Gartner article, please click here:  Gartner: Seven Cloud-Computing Security Risks
 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.