About Us

Read More >>

Home > Security

Briefs

Cloud Computing Risks

Shipley, Greg | 04/17/10
 (0 ratings) | 0Comments  

You can't measure what you can't see. So how is IT supposed to evaluate the risk of moving critical services or data into an opaque cloud?

A few months ago, my CFO forwarded me a rather sizable "pro-cloud" white paper that’s been making the rounds in a number of non-IT executive circles. The paper, written by a venture capital team and targeting CXO readers, made some valid points. But its overarching message was an unapologetic push to use the cloud "whenever and wherever you can." The word "risk" didn’t appear anywhere in the document.

 

The benefits of cloud computing might be real, but the blatant omission of any mention of a downside has all the hallmarks of blind hyping; we wouldn’t be surprised if the authors had substantial stakes in one or more cloud providers. The paper also drives home the reality that this discussion, like it or not, is occurring far outside IT circles. In fact, some organizations are using cloud services without IT, security or risk management teams even being aware that data is leaving the network. One organization we spoke with, for example, didn’t know its employees were using Amazon’s Elastic Compute Cloud services until those employees tried to expense the bills. It was accounting--not IT--that blew the whistle.

Table of Contents

    Cloud Computing Risks

About the Author

Research: Cloud Governance, Risk and Compliance

Greg Shipley has spent his career as an information security practitioner, starting out in IT operations, later moving into penetration testing, and eventually working his way up to in-depth product evaluation and security program management. He was formerly CTO of information security firm Neohapsis.

Greg is well known in the industry for his insight into technology and product trends. He is a contributing editor for InformationWeek and a frequent speaker for industry organizations such as IANS and ISSA. In 2001, Greg received the prestigious Neal Award from the American Business Media for Best Single Article, and he continues to be a prolific author today. Over the past 10 years, Greg has been responsible for evaluating, testing and writing about the evolution of information protection technology and has earned a reputation for in-depth and candid analysis.

Be the first one to comment.


Register Now Close

Making the right technology choices is a challenge for IT pros everywhere. Whether it’s sorting through vendor claims, justifying new projects or implementing new systems, there's no substitute for the help and guidance of experienced peers. InformationWeek Reports connects you with thousands of your peers. They’ll help you pick the right technologies, ask the right questions and avoid pitfalls. Registration includes:

  • Thousands of research reports that tell you why and how your peers are adopting emerging technologies. Key annual surveys track how technology use changes from year to year
  • Strategy sessions and best practice reports that help you chart a path for successful technology adoption
  • Salary surveys and professional development guides that help you find and improve your place in the market
  • All written by your most trusted source for information - your peers

Registration Already Registered? Login

Related Reports

There's a storm of change brewing. For those charged with information security, the challenge is to maintain visibility and guide our organizations to a sane balance among cost, access and safety. In this report, we analyze results of our poll of more than 500 business technology professionals and explain how to minimize risk when a third party is managing your data or providing mission-critical services.

Research: Cloud Risk

There's a storm of change brewing. For those charged with information security, the challenge is to maintain visibility and guide our organizations to a sane balance among cost, access and safety. In this report, we analyze results of our poll of more than 500 business technology professionals and explain how to minimize risk when a third party is managing your data or providing mission-critical services.

Continue Reading >>

Enabling People and Organizations to Harness the Transformative Power of Technology

svn