Cloud Computing: Convenience Versus Confidence

Posted on April 25, 2011 by Emily Holbrook

Cloud computing has become a convenient and cost efficient way for companies to store data while using remote, shared servers located in the “cloud.” But what is cheap and easy, isn’t always safe.

Take Amazon.com, for example. The company branched out into the cloud computing business five years ago and has since offered computing resources to thousands of businesses — most of them small with a low likelhood of having data backup and recovery services (bad risk management!).

Last week, that lapse in risk management was felt after Amazon.com’s cloud services crashed, disrupting web services for companies as large as Pfizer and as small as FourSquare.

The Amazon interruption, said Lew Moorman, chief strategy officer of Rackspace, a specialist in data center services, was the computing equivalent of an airplane crash.

online pharmacy arava with best prices today in the USA

It is a major episode with widespread damage. But airline travel, he noted, is still safer than traveling in a car — analogous to cloud computing being safer than data centers run by individual companies.

online pharmacy azithromycin with best prices today in the USA

As of this morning, many of the affected sites are back online, though “some historical data might be missing,” according to Chartbeat, a company that monitors the online presence of websites.

The risks of cloud computing is not a new topic among business owners, CIOs and risk managers — far from it. For years, talk has circled regarding privacy, compliance and legal issues. One recent article in PC World examines the risks of cloud computing. It covers topics such as who accesses your data, regulatory compliance and (probably most importantly) data loss and recovery.

online pharmacy zoloft with best prices today in the USA

Corporate cloud computing is expected to grow rapidly, by more than 25% a year, to $55.5 billion by 2014, according to International Data Corporation estimates. And as the popularity of cloud computing grows, so will the potential risks. With that in mind, companies are wise to evaluate such perils and plan for what could go wrong with such a modern technology marvel.

Developing Standards for The Cloud

Posted on November 9, 2010 by Jared Wade

cloud

Storing data on “The Cloud” is all the rage these days. And like any immature business technology, there is thus far not a ton of guidance for companies trying to educate themselves on the protocols, standards and best practices to follow before they make the transition from their internal servers to the cloud.

To help in this area, we just ran a feature story on the topic, highlighting the benefits (cost, speedy disaster recovery) and the risks (security, uncertain contracts with suppliers) that any risk professional should read. (Yes, I am biased … but it’s a good breakdown. You may also benefit from the advice surrounding security, customer service and integrity in “Putting Cloud Storage Providers to the Test.”)

Fortunately, however, the federal government has launched an initiative to standardize all of the key areas related to cloud computing.

The federal government’s standards organization plans to develop a roadmap for cloud computing standards and guidance, National Institute of Standards and Technology officials said Thursday during the first day of a two-day government cloud computing forum.

“Right now, when government CIOs want to go to the cloud, it’s kind of a free-for-all, and they have to think of everything themselves,” NIST director Patrick Gallagher said in a brief interview. “We want to help provide a structure.”

Developing a roadmap, officials said, will help prioritize standards efforts, looking to remove perceived barriers to cloud adoption around security, interoperability, portability and reliability.

NIST’s Strategic Cloud Computing initiative will not solve all of risk managers’ problems. Each still has to do his or her homework to determine whether or not the concerns outweigh the benefits for the organization.

But this is a good start and should help.

Ernst & Young’s Global Information Security Survey

Posted on November 4, 2010 by Emily Holbrook

Last week, I attended the Ernst & Young media roundtable to hear the results of its 2010 Global Information Security Survey (GISS). The survey includes responses from participants in 1,598 organizations in 56 countries across all major industries.

With the increase in the use of external service providers and the adoption of new technologies such as cloud computing, social networking and Web 2.0, companies are increasingly exposed to data breach threats. In fact, 60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise. And according to the survey, companies are taking a proactive stance as 46% indicated that their annual investment in information security is increasing. Though IT professionals are trying, not all are succeeding in keeping up with new tech threats.

“I’ve never seen this kind of shift in IT before,” said Jose Granado, the America’s practice leader for information security services within Ernst & Young. “Security professionals are trying to keep up with the pace, but aren’t really doing a great job. The have limited resources and a limited budget.”

A concern for IT professionals is mobile computing. Demands of the mobile workforce are driving changes to the way organizations support and protect the flow of information. In fact, 53% of respondents indicated that increased workforce mobility is a significant or considerable challenge to effectively delivering their information security initiatives. Aside from investing more on data loss prevention technologies, 39% of respondents are making policy adjustments to address the potential new or increased risks.

“You have to implement realistic policies,” said Chip Tsantes, principal within the financial services division of Ernst & Young. “They need to be liveable and workable, or else people will go around them. You can’t simply ban things.”

Another major concern for IT pros is the gaining popularity of cloud computing. Both Granado and Tsantes were shocked to learn that 45% of respondents (primarily those on the non-financial services side) are currently using, evaluating or are planning to use cloud computing services within the next 12 months.

“From the standpoint of a traditional IT security professional, endorsing or supporting a cloud environment is counter-intuitive,” said Granado. “How do I know where my data is and how do I know it is protected?”

So how do companies increase their confidence in cloud computing? According to the survey, 85% say that external certification would increase their trust.

So I asked Granado and Tsantes if they could tell me when they believed there would be a universal set of standards for cloud computing providers. Granado feels there is a two-to-three year timeline in regards to having something solidified. He says businesses are going to drive it; If businesses continue to push, “cloud providers would have to follow.” With more and more sensitive data calling the cloud home, let’s hope Granada is being conservative with his estimate.

cloud computing2

November Issue of Risk Management Now Online

Posted on November 3, 2010 by Emily Holbrook

It’s that time again — a new issue of Risk Management magazine is now online. The cover story in our November issue celebrates the 100th anniversary of the modern U.S. workers compensation system and highlights the fact that even though workers comp is only 100 years old, its principles date back a millennium.

Additional features in the newest issue are a first-hand account by Michael Cawley of 25 lessons learned during his 25 years as a risk manager, the pros and cons of cloud computing and seven steps to building a successful workers comp program.

Our columns explore topics such as the rise in workplace suicides, the largest data breach in history, regulatory uncertainty within the insurance industry, the Red Flags Rule, and human clinical trial insurance in South Korea. Also included are monthly staples such as our articles highlighting recent industry reports (Findings) and our book reviews (Shelf Life).

If you enjoy what you seen online, you can subscribe to the print edition to enjoy even more content.

Please let us know what you think in the comments below. And stay tuned to the blog for even more coverage in the future. Lastly, you can follow the magazine on Twitter, “like” us on Facebook and join our LinkedIn group.