Cloud computing is now being used in every type of industry by organizations large and small.
Related: How Cloud Computing Has Intensified Cybersecurity Challenges
In the earliest days of cloud computing, security was a top concern and it's still a concern today. As with any form of technology, cloud security is an issue that organizations need to take a proactive approach to stay ahead of risks. For financial services firms in particular, technology investments are often considered in terms of risk. To that end, the U.S. Department of Treasury released a 71-pagecloud report in February outlining the opportunities and challenges that face financial sector cloud adoption. The report provides direction that is useful not just for financial services firms, but for any organization using the cloud.
"The recent U.S. Treasury report shines a light on the challenges of engaging with critical third- and fourth-party providers, and the need for strong governance to manage risk and ensure operational resilience," Aly Farooqui, chief risk officer for IBM Cloud for Financial Services, told ITPro Today. "These are important considerations for all regulated industries that need to keep business operations up and running at all times not only financial services."
Related: What Happened in That Cyberattack? With Some Cloud Services, You May Never Know
The report puts the need to increase operational resilience front and center and is a reminder that minimizing downtime and closing gaps in the supply chain should always be at the top of an organization's priorities, according to Farooqui.
Overall, there is a lot to unpack when it comes to understanding what cloud risk is and what it isn't, as well as best practices for organizations in all industries to consider.
There are a number of common myths and misconceptions about risks in the cloud:
Shared responsibility model. One of the most common misconceptions of risk in cloud computing concerns theshared responsibility model. With the shared responsibility model, the cloud service provider (CSP) is responsible for some things, while users are responsible for others.
Security responsibilities between CSPs and cloud customers for each cloud service model.
The reason there are misconceptions about the shared responsibility model is because there is a lack of understanding as to what specifically the consuming organization is responsible and what the CSP is responsible for, Randy Armknecht, managing director of emerging technologies and global cloud practice leader at global consulting firmProtiviti, told ITPro Today.
For instance, many organizations fall into the trap of not realizing that CSPs determine what their responsibilities are on a service-by-service basis, he noted. With hundreds of services offered, it can be quite the endeavor for a community or regional bank to get a handle on. This leads to missing items in their governance programs, which may not be caught until a risk is realized.
"I've had clients misstep most often on resilience because while the CSP may be available, that doesn't necessitate that the client's workloads will be available," Armknecht said. "The same applies when the CSP has a particular compliance certification and a client misinterprets, thinking that the CSP is responsible for a larger portion of controls than they really are."
Data backup. Another misconception is that all data stored in the cloud is automatically backed up. Tyler Moffitt, senior security analyst atOpenText, told ITPro Today that while cloud providers may provide basic data backup services, financial services firms need to have their own backup and recovery processes in place to ensure that they can quickly recover data in the event of a disaster or attack.
Compliance. There is a misconception that certain types of industries or use cases will not work in the cloud due to regulatory compliance concerns. However, many cloud providers are certified and follow data privacy standards including General Data Protection Regulation (GDPR), ISO 27001, or SOC 2 and are compliant with other regulatory requirements standards as well, according to Sam Levy, a partner at technology-focused investment bankDrake Star.
Understanding the myths and misconceptions about cloud security is a good starting point for better management of risk, though there is more that can and should be done.
So what should IT professionals be doing to reduce risk in the cloud?
The U.S. Department of Treasury report suggests that financial institutions assess cloud services to ensure compliance, security, confidentiality, and safe operations. In addition, the Treasury report notes that financial institutions should "establish a range of internal and external (within the cloud environment) security and resilience controls, configurations, and monitoring for the cloud services."
For any type of industry, Scott Siegel, data and analytics expert atPA Consulting, suggests that organizations ensure data is backed up and recovered in case of an unexpected emergency.
Data in the cloud should be encrypted, but it shouldn't be locked into a proprietary format that will only run on a single cloud provider. Srujan Akula, CEO and co-founder ofThe Modern Data Company, suggests that however an organization is operating in the cloud, it's important to make sure the data is in an open format.
"In the chance that you need to egress your data elsewhere, you do not want to be locked in with the current provider," Akula told ITPro Today.
It's also critical for organizations to conduct thorough risk assessments using approaches such as theNIST SP 800-30 guide for conducting risk assessments.
According to Protiviti's Armknecht, risk teams need to ask themselves some core questions, such as: Do we have ownership, purpose, and classification defined of all our cloud assets? Do we have visibility into the health and security of each asset? Do we have a recovery plan in place for each asset? Do we understand the shared responsibility matrix of each asset?
"I see these as the foundation to understanding and then reducing risk within your cloud environment," Armknecht said.
About the author
Read the original post:
How to Reduce Risk in Cloud Computing - ITPro Today
- Cloud computing and blue-sky thinking: An atmospheric scientist ... - Purdue University - May 25th, 2023 [May 25th, 2023]
- Singapore on track to reach cloud migration goals asks suppliers to re-apply - The Register - May 25th, 2023 [May 25th, 2023]
- Ampere Computing launches its custom chips aimed at cloud ... - Reuters - May 25th, 2023 [May 25th, 2023]
- Red Hat Summit's first day reveals key themes for the future of cloud ... - SiliconANGLE News - May 25th, 2023 [May 25th, 2023]
- Cloud Computing: Quality and Cataloging are Top Challenges ... - Formtek Blog - May 25th, 2023 [May 25th, 2023]
- Evolution of Cloud Security | Looking At Cloud Posture Management ... - SentinelOne - May 25th, 2023 [May 25th, 2023]
- Integrating Network Function Virtualization with the DevOps Pipeline ... - Open Source For You - May 25th, 2023 [May 25th, 2023]
- Global Cloud Computing in Banking Market Intelligence Report ... - Business Wire - May 25th, 2023 [May 25th, 2023]
- DaaS In Cloud Computing: Benefits And Risks - Dataconomy - May 25th, 2023 [May 25th, 2023]
- BASF strengthens R&D with more powerful supercomputer - BASF - May 25th, 2023 [May 25th, 2023]
- Alibaba approves cloud computing unit spin-off, prepares for grocery and logistics arms to go public - Yahoo Finance - May 25th, 2023 [May 25th, 2023]
- Public cloud contribution to UAE could reach $181bn by 2033 - Trade Arabia - May 25th, 2023 [May 25th, 2023]
- Women at Suncorp skill up with cloud training program - IT Brief Australia - May 25th, 2023 [May 25th, 2023]
- Oracle almost missed the bus on cloud. Can a late charge help it catch up with AWS, Azure, et al.? - Economic Times - May 25th, 2023 [May 25th, 2023]
- Global Edge Computing Technology Market Report 2023: Increasing Usage of 5G Network to Deliver Instant Communication Experiences Presents... - May 25th, 2023 [May 25th, 2023]
- Redington, Google Cloud partner to drive cloud transformation in ... - ITP.net - May 25th, 2023 [May 25th, 2023]
- Dow futures slip as Fitch places United States' AAA rating on negative watch: Live updates - CNBC - May 25th, 2023 [May 25th, 2023]
- Clore.ai Introduces Secure Cloud: Unprecedented Affordability and ... - Digital Journal - May 25th, 2023 [May 25th, 2023]
- Size of the Prize: Assessing the Market for Edge Computing in Space - Via Satellite - May 25th, 2023 [May 25th, 2023]
- Edge Computing Impact: What Does It Do? - Dataconomy - May 25th, 2023 [May 25th, 2023]
- Cloud Data Warehousing: Unleashing the Power of Azure and AWS - Experts Exchange - May 12th, 2023 [May 12th, 2023]
- Edge computing: 4 things to keep on your radar as your business cuts the edge - Times of India - May 12th, 2023 [May 12th, 2023]
- Managed IT Services in Raleigh: The 10 Biggest Cloud Migration ... - Digital Journal - May 12th, 2023 [May 12th, 2023]
- Oracle Teams with Wyndham to Bring OPERA Cloud to 2,000 ... - PR Newswire - May 12th, 2023 [May 12th, 2023]
- Microsoft Tops Cloud Computing Expectations; Alphabet Ad ... - Investopedia - May 2nd, 2023 [May 2nd, 2023]
- Worldwide public cloud end-user spent to hit $597.3bn in 2023 - Trade Arabia - May 2nd, 2023 [May 2nd, 2023]
- Cloud computing and security critical for business strategy in 2023 - Daily Host News - May 2nd, 2023 [May 2nd, 2023]
- Google Cloud partners with Polygon Labs, adding yet again to its growing roster of Web3 firms - Fortune - May 2nd, 2023 [May 2nd, 2023]
- Wireless sensor network project has history of success at SCSU St ... - St. Cloud State University - May 2nd, 2023 [May 2nd, 2023]
- Google Cloud posts first-ever operating profit despite slowing growth - CIO - May 2nd, 2023 [May 2nd, 2023]
- Mastering the Art of SOC Analysis Part 2 | Top Areas for Aspiring ... - SentinelOne - May 2nd, 2023 [May 2nd, 2023]
- Google Cloud boss Kurian's rocky path to profit: 'We were not in a very good situation' - CNBC - May 2nd, 2023 [May 2nd, 2023]
- Teradata Corp.: Leveraging Cloud Computing to Tackle Complex ... - Best Stocks - May 2nd, 2023 [May 2nd, 2023]
- NUSO Becomes a Cloud Peering Partner for Zoom Phone on ... - The Fast Mode - May 2nd, 2023 [May 2nd, 2023]
- Cloud-Based Quantum Computing Market worth $4,063 million by 2028 - Exclusive Report by MarketsandMarkets - Benzinga - May 2nd, 2023 [May 2nd, 2023]
- New cloud computing capabilities for streaming video - The Tech Panda - May 2nd, 2023 [May 2nd, 2023]
- LITEON Technology Reports Q1 2023 Sales of NT$34.2B - SMT 007 - May 2nd, 2023 [May 2nd, 2023]
- Microsoft Dominates in Cloud Computing Market - The Packet - May 2nd, 2023 [May 2nd, 2023]
- Why Modern BSS Is Crucial in Driving Operator CX and B2B ... - The Fast Mode - May 2nd, 2023 [May 2nd, 2023]
- Akamai Gets Richmond for Internal Promotion - Australia Cyber Security Magazine - May 2nd, 2023 [May 2nd, 2023]
- Alibaba To Enter The Chatbot Arena - Yahoo Finance - April 11th, 2023 [April 11th, 2023]
- New data shows digital skills are more needed than everAWS has 600+ free cloud courses that can help - About Amazon - April 11th, 2023 [April 11th, 2023]
- U.K.'s Cloud Computing Probe Could Push This Bearish ETF Higher - ETF Trends - April 11th, 2023 [April 11th, 2023]
- What is edge computing and how does it differ from traditional cloud ... - NASSCOM Community - April 11th, 2023 [April 11th, 2023]
- Bridging The Cloud Computing Skills Gap: Six Recommendations ... - Digital First Magazine - April 11th, 2023 [April 11th, 2023]
- Cloud Computing in Education Sector Market is expected to Exhibit ... - Digital Journal - April 11th, 2023 [April 11th, 2023]
- Enterprise Mobile Cloud Computing Market to Witness Astonishing ... - Digital Journal - April 11th, 2023 [April 11th, 2023]
- IoT Cloud Platform Market Is Expected To Reach USD 23.66 Billion ... - GlobeNewswire - April 11th, 2023 [April 11th, 2023]
- Xponance Inc. raises stake in Nutanix Inc. by 30.2%: A testament to ... - Best Stocks - April 11th, 2023 [April 11th, 2023]
- Cloud-native Software Market to Flourish with an Impressive CAGR ... - Digital Journal - April 11th, 2023 [April 11th, 2023]
- A Quick Guide To The History of Big Data - Baseline - April 11th, 2023 [April 11th, 2023]
- IC Manage Partners with Library Technologies to Accelerate Library ... - PR Newswire - April 11th, 2023 [April 11th, 2023]
- 4 Green IT Businesses Working to Reduce Computing's Impact on ... - InformationWeek - April 11th, 2023 [April 11th, 2023]
- How generative AI can hurt cloud operations - InfoWorld - April 9th, 2023 [April 9th, 2023]
- Microsoft stumps loyal fans by making OneDrive handle Outlook attachments - The Register - April 9th, 2023 [April 9th, 2023]
- Microsoft and Amazon face UK probe on cloud computing - Financial Times - April 9th, 2023 [April 9th, 2023]
- Why Businesses and Leaders Need to Think About Digital Value ... - CEOWORLD magazine - April 9th, 2023 [April 9th, 2023]
- Accenture and Microsoft help Unilever with huge cloud transition - CloudTech News - April 9th, 2023 [April 9th, 2023]
- GFT and CloudFrame help industries say 'cheerio' to COBOL - CloudTech News - April 9th, 2023 [April 9th, 2023]
- ServiceNow, Inc.: Leading the Way in Enterprise Cloud Computing ... - Best Stocks - April 9th, 2023 [April 9th, 2023]
- Cloud Computing Market in Healthcare Industry Demand will reach ... - Digital Journal - April 9th, 2023 [April 9th, 2023]
- What is FedRAMP High P-ATO? FedRAMP High Compliance and Certification Explained - Security Boulevard - April 9th, 2023 [April 9th, 2023]
- Cloud Native Identity and Access Management in Kubernetes - The New Stack - April 9th, 2023 [April 9th, 2023]
- Global Disaster Recovery-as-a-Service Market Expected to Grow ... - PR Newswire - April 9th, 2023 [April 9th, 2023]
- Global Hyperautomation Market to Reach $118.66 Billion by 2030: Increased Demand for Robotic Process Automation Technologies Drives Growth - Yahoo... - April 9th, 2023 [April 9th, 2023]
- Alibaba Cloud Partners with Jaguar Land Rover China - Pandaily - April 9th, 2023 [April 9th, 2023]
- Tech Stocks Have Been on Fire. Earnings Could Spell Trouble. - Barron's - April 9th, 2023 [April 9th, 2023]
- 3 common myths about sustainability and cloud computing - InfoWorld - April 5th, 2023 [April 5th, 2023]
- Amazon set to train 10,000 locals on cloud computing - Business Daily - April 5th, 2023 [April 5th, 2023]
- Amazon: Navigating The Cloud, AI, And Payments Revolution (NASDAQ:AMZN) - Seeking Alpha - April 5th, 2023 [April 5th, 2023]
- How cloud computing is transforming supply chains - DC Velocity - April 5th, 2023 [April 5th, 2023]
- Iowa's new cloud-computing deal costs nearly $40M over 10 years - The Gazette - April 5th, 2023 [April 5th, 2023]
- Petrobras' cloud computing investments set to grow 40% this year - BNamericas English - April 5th, 2023 [April 5th, 2023]
- Confidential Computing Eases Hesitancy Around Cloud Adoption - RTInsights - April 5th, 2023 [April 5th, 2023]
- Risks & Opportunities of Cloud Computing in the Fintech Sector - TechiExpert.com - April 5th, 2023 [April 5th, 2023]
- Security As A Service Market is Anticipated To Grow USD 46.24 ... - GlobeNewswire - April 5th, 2023 [April 5th, 2023]
- Versa Networks Wins 2023 Product of the Year Award for its Industry-Leading SASE Solution - Yahoo Finance - April 5th, 2023 [April 5th, 2023]
- Dresner Advisory Services Publishes 2023 Cloud Computing and ... - GlobeNewswire - April 5th, 2023 [April 5th, 2023]
- Adaptive Learning Global Market Report 2023: Growing Use of Cloud Computing Among Organizations and Educational Institutes to Motivate Learners to... - April 5th, 2023 [April 5th, 2023]
- The CNA market size is expected to grow from USD 5.9 billion in ... - GlobeNewswire - April 5th, 2023 [April 5th, 2023]