Security Risks of Cloud Computing
Private vs Public
What is Cloud Computing? “Cloud computing is the delivery of computing services—servers, storage, databases, networking, software, analytics, intelligence and more—over the Internet (“the cloud”) to offer faster innovation, flexible resources, and economies of scale.” ~ Azure Microsoft. Cloud computing has evolved throughout the last few decades. Many companies have transitioned into the cloud platform where some have decided to stay with their own physical locations and devices. The majority of companies do think that cloud platforms are the best way to go and that it is more beneficial than any other solutions. It has proven why cloud platform is more beneficial, but not many companies or people wonder why some turned away from the cloud platform, such as using private cloud rather than the public cloud. This research paper is intended to discover why companies turned away from cloud computing and some of the risk factors of cloud computing.
History of Cloud Computing
I always wondered when cloud computing started. Based on my research, cloud computing started back in the 1950s with mainframe computing, ‘Neto, IBM, 2014’. Multiple users were able to access the central computer through dumb terminals that can only give them access to the mainframe. Due to costs being high to buy and maintain a mainframe computer for each employee and at that time users or companies did not need as much storage capacity and processing power compared to what we have now.
In the 1970s, virtual machine (VMs) was created. Virtualization made it possible to execute multiple operating systems to operate at the same time in an isolated environment. Virtualization helped the mainframe computer to its next level by providing multiple computing environments to reside in one physical environment. Virtualization became a big spur in the evolution of communication and information.
Then in the 1990s, virtualized private network connections were offered by telecommunication companies. Then in 1999, Salesforce.com became the first business to provide applications as Software as a Service. In 2003, videos, music, and other multimedia were provided online. Since then, every major tech company such as Google, IBM, AWS, Microsoft, etc., started expanding Cloud Computing and created different services that are cheaper, faster, and easier ways for businesses to pursue higher developments.
Benefits and Risks of Cloud Computing
All applications and software have their benefits and risks. In this section of my paper, I would like to further explore the main benefits and risks of cloud computing.
Benefits
- Cost saving and increase in efficiency, because cloud computing saves time to access your company’s data and money in starting up projects. Most of the cloud services that we know of are pay-as-you-go. Also, it reduces both the CAPEX and OPEX of the organization by moving to the cloud.
- Scalability, allows the organization to freely scale up and down depending on their usage which can incorporate with their cost savings as well.
- Business continuity, if any natural disasters were to happen, the organization has already backed up its data and it will protect to minimize any downtime of the organization’s productivity.
- The user gets to access their data from anywhere. If it is an authorized user, he or she will be able to access the organization’s data from anywhere by using any device.
Risks
- Security and data integrity, since having data hosted in-house is already a risk, then why would having your data offsite would be less risky? Having the data hosted on an off-site premise would be at a higher risk than having it hosted in-house. Having the data stored off-site makes it more vulnerable to attackers since the data will be traveling more. However, technology is always improving which can help improve the security of our data in the cloud, but when every time technology improves, the hackers’ skills are improving as well.
- Network dependency, as well all know that cloud computing is all about having a good internet connection. Every organization or every individual needs access to an internet connection to access their data in the cloud. If an organization was doing a multimillion or multibillion dollar transaction and then the transaction gets interrupted due to an outage, there would be plenty of delays in the transaction and would eventually have to start all over again. Natural disasters should always be on the providers' and users' minds, if something big and crazy ever occurs that can take down the entire world’s internet connection, imagine what would happen to all those secret data that the government has stored, or all the electronic files that the organizations have kept hidden away, it can serious damages to those organizations.
- The government and financial institutes operate their own IT services, therefore, it makes it difficult to create hybrid systems in their environments. They know the benefits of having their data offsite that it can improve efficiency and performance, however, they still want to keep their data onsite as they know having their data offsite is at a higher risk of being vulnerable to attackers.
- Centralization is one of the big risks as well, because when a provider’s service goes down then all of their clients will be affected as well. This is also related to network dependency because let’s say our provider is located somewhere in CA and our office is here in Tampa. Unluckily, our provider’s data center is in an area where there was a wildfire and it got impacted. Imagine having their system go down for 12-24 hours, which means that we will not able to access our data for 12-24 hours. Therefore, centralized data is another risk for cloud computing.
There were plenty of risks that I have found during my research, however, I believe the above risks would be the top risks for cloud computing. However, just a name few more risks that I have found during my research: Privileged user access, Privileged user access, Regulatory compliance, Data location, Data segregation, Recovery, Investigative support, and Long-term viability.
Types of Clouds Deployment
An organization needs to know how to choose the best cloud deployment for its organization. As we have all learned that there are four different kinds of clouds in cloud computing which are public, private, hybrid, and community clouds, however, I wanted to further explore public, private, and hybrid clouds.
Public Cloud
One of the most common ways of cloud deployment is the public cloud. In the public cloud, the cloud is owned and managed by a third-party cloud service provider via an internet platform (off-premises). An example of a public cloud service provider would be Microsoft Azure. In the public cloud, all software, hardware, storage, and network devices are operated and managed by the service providers.
Private Cloud
A private cloud is mainly for individual organizations or businesses. Unlike the public cloud, the private cloud is physically located at the organization’s data center (on-premise). All services, hardware, and software are operated and managed by individual employees that are only dedicated to working for that specific organization. The private cloud is great for organizations that would like to customize their infrastructures and systems by their IT requirements. For example, private cloud deployment is great for government agencies, financial services firms, and any other large-sized organizations that want to be more in control of their environment. IBM Cloud is one of the private cloud providers, below diagram explains how the private cloud is structured.
Hybrid Cloud
According to Microsoft Azure, a hybrid cloud is often called “the best of both worlds”, because hybrid clouds can be a mixture of public and private clouds. Meaning that the organization can have more than one cloud deployment model, the organization can have both on-premise and off-premise infrastructure. A hybrid cloud offers flexibility in transiting data between private and public clouds. As Microsoft Azure suggests, the organization can use the “public cloud for high-volume, lower-security needs as such as web-based email, and the private cloud for more sensitive, business-critical operations like financial reporting”. The below diagram is from VMware, the diagram shows us how the hybrid cloud is architected with both on and off-premises structures.
Benefits of Public, Private, and Hybrid Cloud Deployments
Public Cloud
- Lower costs – no need to purchase any software or hardware, the organization only pays for what they use.
- Requires no maintenance – the service provider oversees all maintenance and all other services.
- High reliability – all networks work together to make sure that the organization’s network does not fail.
- Unlimited scalability – depending on the business needs, the service provider provides on-demand resources that are available for the organization’s needs.
Private Cloud
- High scalability – private clouds have higher scalability and efficiency.
- Higher security – unlike the public cloud, the private cloud is installed on the data center that is located in the organization. Therefore, it creates a more secure environment for the data and the organization will not have shared resources with others. The private cloud offers higher security and controls.
- Higher flexibility – private cloud’s environment can be customized according to the needs of the organization.
Hybrid Cloud
- Control – the organization is in control of its private infrastructure where it can control its sensitive data and assets.
- Ease – with hybrid cloud, makes it easier to transition from the private to the public cloud.
- Cost-effectiveness – since it involves the public cloud, it is cost-efficient because the organization will still only pay for its use.
- Flexibility – having a public cloud in the environment is also beneficial because the organization can still use its resources.
Which cloud deployment is the best?
According to my research, it depends on who you are as an organization and depends on the organization’s needs as well. Therefore, choosing the right cloud deployment is a model very essential to the organization. For example, if you are an organization that does small businesses and do not mind sharing your resources with others, then the public cloud can be the organization’s choice. However, if your organization has high sensitive information that is top secret, then it is important to choose the private cloud. A hybrid cloud can be an option for this kind of organization as well, however, having a hybrid cloud means certain things are going to be shared and it will not be as secure as solely having a private cloud. If it is a mid-size organization that does not carry as much sensitive data, but does not mind sharing some of its resources with others and likes to control its system, then the hybrid cloud would be the best choice for the organization.
Conclusion
Recently, a lot of organizations have chosen private cloud over public cloud due to certain security reasons. AWS, Google, and all other public clouds have been very popular amongst the organization. Some of the Fortune 100 companies use these cloud providers, however, some have learned that private clouds are more secure than some of these public cloud providers. Therefore, many of these service providers are creating private cloud services to get their customers back again. According to CRN, “Businesses are migrating their applications and data away from the public cloud, 80 percent of 400 IT decision-makers that participated in the IDC’s 2018 Cloud and Al Adoption Survey said their organization has migrated from public cloud to an on-premise private cloud environment since last year”. People are becoming smarter with their data and gaining more knowledge about the cloud computing, specifically about public clouds. According to the survey that was done by IDC, they said that the “Top reason for businesses moving away from the public cloud was security” due to the reason “that somehow the vendor you choose – whether it be Amazon or Google or Azure - that they provide services natively. If the organization goes with that approach and does not take the time to architect the right security or right data protection solution, then the organization is certainly being at high risk”.
References
- History of Cloud Computing, October 2, 2017. https://www.theaccessgroup.com/hosting/resources/our-blog/history-of-cloud-computing/
- Risks and Benefits of Cloud Computing, Shagin, Abby, October 25, 2012. https://www.digitalistmag.com/technologies/cloud-computing/2012/10/25/risks-and-benefits-of-cloud-computing-020025
- What are public, private, and hybrid clouds? Microsoft Azure. https://azure.microsoft.com/en-us/overview/what-are-private-public-hybrid-clouds/
- Hybrid Cloud and Hybrid Cloud Manager, VMware, Francis, Michael, March 11, 2016 https://blogs.vmware.com/consulting/2016/03/hybrid-cloud-and-hybrid-cloud-manager.html
- Businesses are Moving from Cloud Due to Security, Says IDC Survey. Haranas, Mark. August 13, 2018, CRN. https://www.crn.com/businesses-moving-from-public-cloud-due-to-security-says-idc-survey
Tagged with:
private cloud cloud computing public cloud hybrid cloud