When I talk or write about cloud computing, the first questions that come to the minds of people are:
- How do I know my data is stored in a safe way? Think: crashes, outages, viruses, providers going bankrupt etc.
- How do I know other people don’t touch my data? Think: hackers, criminals, our government, another government, the provider.
These are very valid and relevant questions. In fact, these have been valid questions for a long time already.
Cloud computing does not create these risks. These risks have been fundamental to information technology, and they have always required attention.
What I teach people in my cloud computing courses is how they can use their existing security framework to evaluate and mitigate cloud risks.
Security risks include confidentiality risks, integrity risks and availability risks. We understand these risks, we are addressing them already in IT. We only need to learn how these risks change in the world of cloud computing, and we need to learn what new ways cloud computing brings in managing these risks.
In some cases, cloud computing would bring unacceptable new risk. In some cases cloud computing will bring new and better ways to handle existing risks.
For example, in the cloud, redundancy is a lot easier.
With these insights it will become possible to properly balance the business benefit of cloud computing with the risks of cloud computing.