Cloud computing is now being used in every type of industry by organizations large and small.
Related: How Cloud Computing Has Intensified Cybersecurity Challenges
In the earliest days of cloud computing, security was a top concern and it's still a concern today. As with any form of technology, cloud security is an issue that organizations need to take a proactive approach to stay ahead of risks. For financial services firms in particular, technology investments are often considered in terms of risk. To that end, the U.S. Department of Treasury released a 71-pagecloud report in February outlining the opportunities and challenges that face financial sector cloud adoption. The report provides direction that is useful not just for financial services firms, but for any organization using the cloud.
"The recent U.S. Treasury report shines a light on the challenges of engaging with critical third- and fourth-party providers, and the need for strong governance to manage risk and ensure operational resilience," Aly Farooqui, chief risk officer for IBM Cloud for Financial Services, told ITPro Today. "These are important considerations for all regulated industries that need to keep business operations up and running at all times not only financial services."
Related: What Happened in That Cyberattack? With Some Cloud Services, You May Never Know
The report puts the need to increase operational resilience front and center and is a reminder that minimizing downtime and closing gaps in the supply chain should always be at the top of an organization's priorities, according to Farooqui.
Overall, there is a lot to unpack when it comes to understanding what cloud risk is and what it isn't, as well as best practices for organizations in all industries to consider.
There are a number of common myths and misconceptions about risks in the cloud:
Shared responsibility model. One of the most common misconceptions of risk in cloud computing concerns theshared responsibility model. With the shared responsibility model, the cloud service provider (CSP) is responsible for some things, while users are responsible for others.
Security responsibilities between CSPs and cloud customers for each cloud service model.
The reason there are misconceptions about the shared responsibility model is because there is a lack of understanding as to what specifically the consuming organization is responsible and what the CSP is responsible for, Randy Armknecht, managing director of emerging technologies and global cloud practice leader at global consulting firmProtiviti, told ITPro Today.
For instance, many organizations fall into the trap of not realizing that CSPs determine what their responsibilities are on a service-by-service basis, he noted. With hundreds of services offered, it can be quite the endeavor for a community or regional bank to get a handle on. This leads to missing items in their governance programs, which may not be caught until a risk is realized.
"I've had clients misstep most often on resilience because while the CSP may be available, that doesn't necessitate that the client's workloads will be available," Armknecht said. "The same applies when the CSP has a particular compliance certification and a client misinterprets, thinking that the CSP is responsible for a larger portion of controls than they really are."
Data backup. Another misconception is that all data stored in the cloud is automatically backed up. Tyler Moffitt, senior security analyst atOpenText, told ITPro Today that while cloud providers may provide basic data backup services, financial services firms need to have their own backup and recovery processes in place to ensure that they can quickly recover data in the event of a disaster or attack.
Compliance. There is a misconception that certain types of industries or use cases will not work in the cloud due to regulatory compliance concerns. However, many cloud providers are certified and follow data privacy standards including General Data Protection Regulation (GDPR), ISO 27001, or SOC 2 and are compliant with other regulatory requirements standards as well, according to Sam Levy, a partner at technology-focused investment bankDrake Star.
Understanding the myths and misconceptions about cloud security is a good starting point for better management of risk, though there is more that can and should be done.
So what should IT professionals be doing to reduce risk in the cloud?
The U.S. Department of Treasury report suggests that financial institutions assess cloud services to ensure compliance, security, confidentiality, and safe operations. In addition, the Treasury report notes that financial institutions should "establish a range of internal and external (within the cloud environment) security and resilience controls, configurations, and monitoring for the cloud services."
For any type of industry, Scott Siegel, data and analytics expert atPA Consulting, suggests that organizations ensure data is backed up and recovered in case of an unexpected emergency.
Data in the cloud should be encrypted, but it shouldn't be locked into a proprietary format that will only run on a single cloud provider. Srujan Akula, CEO and co-founder ofThe Modern Data Company, suggests that however an organization is operating in the cloud, it's important to make sure the data is in an open format.
"In the chance that you need to egress your data elsewhere, you do not want to be locked in with the current provider," Akula told ITPro Today.
It's also critical for organizations to conduct thorough risk assessments using approaches such as theNIST SP 800-30 guide for conducting risk assessments.
According to Protiviti's Armknecht, risk teams need to ask themselves some core questions, such as: Do we have ownership, purpose, and classification defined of all our cloud assets? Do we have visibility into the health and security of each asset? Do we have a recovery plan in place for each asset? Do we understand the shared responsibility matrix of each asset?
"I see these as the foundation to understanding and then reducing risk within your cloud environment," Armknecht said.
About the author
Read the original post:
How to Reduce Risk in Cloud Computing - ITPro Today
- 5 Questions Schools Should Ask Before Selecting a Cloud Security Platform - EdTech Magazine: Focus on K-12 - December 8th, 2023 [December 8th, 2023]
- Marvell Extends Connectivity Leadership for Accelerated Computing With Two Cloud-Optimized PAM4 Optical DSPs - PR Newswire - December 8th, 2023 [December 8th, 2023]
- Commission green lights state-aid partnership for cloud computing - Research Professional News - December 8th, 2023 [December 8th, 2023]
- EU approves 1.2 billion to boost local cloud - Computing - December 8th, 2023 [December 8th, 2023]
- How organizations can learn from cloud security breaches - TechTarget - December 8th, 2023 [December 8th, 2023]
- EU provides 1.2 billion euros for European cloud computing project - Notebookcheck.net - December 8th, 2023 [December 8th, 2023]
- Highlights from Gartner IT IOCS Conference 2023, Las Vegas - Gartner - December 8th, 2023 [December 8th, 2023]
- The EU just launched a 1.2 billion cloud project to crack US dominance - ITPro - December 8th, 2023 [December 8th, 2023]
- CoreWeave backed by Fidelity and Jane Street at $7 billion valuation as cloud provider bolsters status as one of AIs hottest startups - Fortune - December 8th, 2023 [December 8th, 2023]
- Insurtechs using AI, ML and cloud computing. - Digital Insurance - December 8th, 2023 [December 8th, 2023]
- Broadcom to divest VMware's end-user computing and Carbon Black units - The Register - December 8th, 2023 [December 8th, 2023]
- Australia building 'top secret' cloud to catch up and link with US, UK intel orgs - The Register - December 8th, 2023 [December 8th, 2023]
- CORRECTION-Nvidia in talks with Malaysia's YTL on data center deal- sources - Yahoo Eurosport UK - December 8th, 2023 [December 8th, 2023]
- NCS announces strategic partnership with Google Cloud to accelerate digital transformation in Asia Pacific, ETCIO SEA - ETCIO South East Asia - December 8th, 2023 [December 8th, 2023]
- McDonald's and Google Cloud Announce Strategic Partnership to Connect Latest Cloud Technology and Apply ... - PR Newswire - December 8th, 2023 [December 8th, 2023]
- Computing Power Market Revenue to Total USD 81.3 Billion by 2032 | Growing Investments In Data Centers - GlobeNewswire - December 8th, 2023 [December 8th, 2023]
- Aqua Security on how to navigate the Cloud's complexities - IT Brief Australia - December 8th, 2023 [December 8th, 2023]
- NCS partners with Google Cloud in Australia and Singapore - Channel Asia Singapore - December 8th, 2023 [December 8th, 2023]
- GigaIOs SuperNODE to Power TensorWave Deployment with AMD MI300X - High-Performance Computing News ... - insideHPC - December 8th, 2023 [December 8th, 2023]
- This $500 device lets you easily build your own Cloud Server instead of paying Google, Microsoft, or Amazon - Yanko Design - December 8th, 2023 [December 8th, 2023]
- What's Going On With Alibaba Cloud? - The Motley Fool - November 26th, 2023 [November 26th, 2023]
- China's Alibaba shakes up cloud unit management after scrapping the division's IPO - CNBC - November 26th, 2023 [November 26th, 2023]
- Five things to look for at AWS re:Invent 2023 - SiliconANGLE News - November 26th, 2023 [November 26th, 2023]
- Broadcom completes its $61 billion acquisition of VMware - Times of India - November 26th, 2023 [November 26th, 2023]
- On the Rise: The Top 3 Cloud Computing Stocks to Watch - Nasdaq - November 26th, 2023 [November 26th, 2023]
- What You Need to Know About Hybrid Cloud Computing - What You ... - InformationWeek - November 26th, 2023 [November 26th, 2023]
- Microsoft to invest $500 million to expand hyperscale cloud computing and AI in Quebec - MarketWatch - November 26th, 2023 [November 26th, 2023]
- Service Included, FinOps Foundation Counts Cost Of Cloud - Forbes - November 26th, 2023 [November 26th, 2023]
- Microsoft Unveils Azure Custom Chips: Revolutionizing Cloud Computing and AI Capabilities - MarkTechPost - November 26th, 2023 [November 26th, 2023]
- Why 2023 Became the Year of Next-Level Technology Value - Medium - November 26th, 2023 [November 26th, 2023]
- Edge vs Cloud or Edge plus Cloud: What is the way forward? - Express Computer - November 26th, 2023 [November 26th, 2023]
- eSurfing Cloud Launches the WisHub One-Stop Intelligent ... - PR Newswire - November 26th, 2023 [November 26th, 2023]
- Predictive Maintenance (PdM) Market to grow by USD 16.57 billion growth between 2022 - 2027 | Growth Driven by Increased adoption of advanced... - November 26th, 2023 [November 26th, 2023]
- Udemy Partners with Google Cloud as Inaugural Member of its New ... - AiThority - November 26th, 2023 [November 26th, 2023]
- AWS and DXC Technology Strengthen Alliance for Cutting-Edge ... - Read IT Quik - November 26th, 2023 [November 26th, 2023]
- Windows-as-an-app is coming - Computerworld - November 26th, 2023 [November 26th, 2023]
- 2 Soaring Stocks I'd Buy Now With No Hesitation - The Motley Fool - November 26th, 2023 [November 26th, 2023]
- ZTE holds Core Network User Congress in Thailand, driving digital ... - ZTE - November 26th, 2023 [November 26th, 2023]
- Mercedes F1 accelerates AI adoption in off-track IT transformation ... - ITPro - November 26th, 2023 [November 26th, 2023]
- Amazon wants to train millions of people in basic AI skills - TechRadar - November 26th, 2023 [November 26th, 2023]
- US grid rules preclude reliability, security benefits of cloud ... - Utility Dive - November 17th, 2023 [November 17th, 2023]
- Udemy Partners with Google Cloud as Inaugural Member of its New Cloud Endorsed Content Program - Yahoo Finance - November 17th, 2023 [November 17th, 2023]
- Google Cloud certifications nab highest-paying IT jobs - InfoWorld - November 17th, 2023 [November 17th, 2023]
- Nearly a quarter of businesses are losing more than 100,000 a ... - CloudTech News - November 17th, 2023 [November 17th, 2023]
- Cloud Security Alliance announces new zero-trust security credential - CSO Online - November 17th, 2023 [November 17th, 2023]
- Cloud Computing Market size to reach USD 2,495.2 billion by 2032 according to a new research report - WhaTech Technology and Markets News - November 17th, 2023 [November 17th, 2023]
- Vultr and Rescale Advance High-Performance Computing to Accelerate Engineering Innovation Worldwide - Yahoo Finance - November 17th, 2023 [November 17th, 2023]
- Cloudsky Showcases Breakthroughs in Cloud Computing at 2023 ... - PR Newswire - November 17th, 2023 [November 17th, 2023]
- Edenor reduces outages using cloud computing technology - Utility Week - November 17th, 2023 [November 17th, 2023]
- Software Growth Stocks: Consumption-Based Pricing Back In The ... - Investor's Business Daily - November 17th, 2023 [November 17th, 2023]
- High Availability Server Market to Cross USD 27.30 Billion in 2030 Driven by Rising Dependence on Digital Infrastructure and Surge in Cloud Computing... - November 17th, 2023 [November 17th, 2023]
- Micro Data Centers Market to Reach US$ 33.4 Billion by 2030, Driven by Growing Demand for Edge Computing and Cloud-Based Applications | According to... - November 17th, 2023 [November 17th, 2023]
- The 10 Coolest AI Tools And GenAI Products Of 2023 - CRN - November 17th, 2023 [November 17th, 2023]
- Civo CEO on free credits, egress fees, and hauling it all back on-prem - The Register - November 17th, 2023 [November 17th, 2023]
- Tech Headlines of the Week: Data Breaches, Microsoft's AI ... - Techopedia - November 17th, 2023 [November 17th, 2023]
- Vultr Announces Addition of NVIDIA GH200 Grace Hopper ... - Business Wire - November 17th, 2023 [November 17th, 2023]
- Proposed Rules Overhaul Cybersecurity Requirements for ... - JD Supra - November 17th, 2023 [November 17th, 2023]
- The #CloudExit Movement And What It Means For Amazon Stock ... - Seeking Alpha - November 17th, 2023 [November 17th, 2023]
- Nasdaq Completes Migration of Third US Market to AWS - Markets Media - November 17th, 2023 [November 17th, 2023]
- CSIT and Google Cloud partner to pilot sovereign cloud solution in ... - ETCIO South East Asia - November 17th, 2023 [November 17th, 2023]
- Qualcomm Cloud AI 100 Now Available in the Cirrascale AI ... - HPCwire - November 15th, 2023 [November 15th, 2023]
- ZTE and Computer Union join forces on cutting-edge IT solutions in ... - ZTE - November 15th, 2023 [November 15th, 2023]
- VAI Resort Taps Oracle Cloud to Deliver Rock-Star Guest Experiences - Oracle - November 15th, 2023 [November 15th, 2023]
- Oracle Helps Healthcare Organizations Improve Inventory ... - Oracle - November 15th, 2023 [November 15th, 2023]
- Paraverse Technology Releases Groundbreaking White Paper on Decentralized Operations and Trading Platforms for 3D Digital Assets - Yahoo Finance - November 15th, 2023 [November 15th, 2023]
- How to Leverage New Age Cloud Technologies for Business - Analytics Insight - November 15th, 2023 [November 15th, 2023]
- Cloud to help realise smarter AI-powered digital twins - FutureIoT - November 15th, 2023 [November 15th, 2023]
- NTT Beats New Drum To Bring Photonics-Powered AI To Industry - Forbes - November 15th, 2023 [November 15th, 2023]
- Gartner: Modernising legacy applications for cloud-native success - ComputerWeekly.com - November 15th, 2023 [November 15th, 2023]
- Alibaba Cloud and United Women Singapore launch digital female ... - ETCIO South East Asia - November 15th, 2023 [November 15th, 2023]
- KBZ Bank Digitizes for Innovation and Scale with Oracle - Oracle - November 15th, 2023 [November 15th, 2023]
- Southeast Asia's digital battle: Chinese and U.S. Big Tech face off ... - Nikkei Asia - November 15th, 2023 [November 15th, 2023]
- Vietnam Cloud Based Infrastructure as a Service Markets, Competition, Forecast & Opportunities, 2028F: Government Initiatives and Increasing... - November 15th, 2023 [November 15th, 2023]
- Cloud to drive surge in European IT spending next year - ITPro - November 15th, 2023 [November 15th, 2023]
- Oak View Group Partners with Oracle to Supercharge Fan ... - Oracle - November 15th, 2023 [November 15th, 2023]
- Momentus Inc. Announces Third Quarter 2023 Financial Results - Daily Host News - November 15th, 2023 [November 15th, 2023]
- Community and Critical Access Hospitals Select Oracle Health ... - Oracle - November 15th, 2023 [November 15th, 2023]
- AiAdvertising Reports Third Quarter 2023 Financial Results - Daily Host News - November 15th, 2023 [November 15th, 2023]
- GIC chief says investors should prefer Big Tech to start-ups on AI - Financial Times - November 15th, 2023 [November 15th, 2023]
- Daniel Seybold, Author at The New Stack - The New Stack - November 15th, 2023 [November 15th, 2023]