KnowledgeLeader Blog

What is Cloud Computing?

Posted by Protiviti KnowledgeLeader on Thu, Dec 20, 2018 @ 10:00 AM

cloudWhat is Cloud Computing?

Cloud computing is defined as the use of a collection of services, applications, information and infrastructure composed of pools of computer, network, information and storage resources. These components can be rapidly orchestrated, provisioned, implemented, decommissioned and scaled up or down, providing for an on-demand utility-like model of allocation and consumption.

Key Features:

  • On-demand self-service
  • Standardized IT-based capability
  • Rapid elasticity
  • Web-based accessibility and flexibility
  • Location-independent resource pooling
  • Scalability and resilience
  • Priced on a consumption-based model
  • Ubiquitous network access

Cloud computing continues to be a rapidly growing, volatile and immature market that is full of cloud service providers (CSPs) with varying degrees of service types and quality. The cloud computing market is driven toward a bifurcated market of "enterprise-grade" cloud services to shore up these issues and "commodity-grade" cloud services to host less critical applications but maintain or even lower service prices. Cloud computing services and the applications that cloud platforms underpin generate a lot of data, which in turn requires cloud services and applications to make sense of it.

Common Risks Associated with Cloud Computing:

Loss of Governance – Using cloud infrastructures, the client necessarily cedes control to the cloud provider (CP) on several issues which may affect security.

Management Interface Compromise – Customer management interfaces of a public cloud provider are accessible through the internet and mediate access to larger sets of resources than traditional hosting providers, and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities.

Incomplete or Insecure Data Deletion – When a request to delete a cloud resource is made, as with most operating systems, this may not result in true wiping of the data.  Adequate or timely data deletion may also be impossible (or undesirable from a customer perspective), either because extra copies of data are stored but are not available, or because the disk to be destroyed also stores data from other clients.

Data Protection – Cloud computing poses several data protection risks for cloud customers and providers. In some cases, it may be difficult for the cloud customer to effectively check the data handling practices of the cloud provider and thus be sure that the data is handled in a lawful way.

Malicious Insider – Though less likely, the damage which may be caused by malicious insiders is often far greater. Cloud architectures necessitate certain roles which are extremely high-risk.

Isolation Failure – This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants (e.g., so-called guest-hopping attacks).

Compliance Risks – Investment in achieving certification (e.g., industry standard or regulatory requirements) may be put at risk by migration to the cloud.

Visit KnowledgeLeader for more resources focused on cloud computing.

Topics: cloud computing, IT security, cybersecurity, Data Integrity Risk, governance risk & compliance

Add a Comment:

Subscribe to Our Blog

About KnowledgeLeader

KnowledgeLeader, provided by Protiviti, is the premier resource for internal audit and risk management professionals.

With over 1,400 customizable tools and 1,300 articles by industry experts, we offer the most comprehensive service on the market.

For more information:

 Tour the Site

Recent Posts

Posts by Topic

see all