ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > The Costs and Benefits of Using the Cloud

The Costs and Benefits of Using the Cloud

| Published: 11/3/2014 3:15 PM | Category: Cloud Computing | Permalink | Email this Post | Comments (0)
Eduardo Gelbstein and Viktor PolicEduardo Gelbstein and Viktor Polic
 
For a long time, organizations and individuals have relied on third-party services relating to data, information systems, and infrastructure, and many lessons have been learned in the process.
 
Cloud computing has established itself as a potentially valuable addition to the portfolio of third-party services. But cloud computing can introduce several issues for data owners, particularly when the data is considered sensitive in terms of confidentiality, access rights and privileges.
 
While the benefits of cloud computing are easy to understand (e.g., lower cost, flexibility, transfer of accountabilities for operational activities), it is prudent to remember the old adage, “If it looks too good to be true, it probably is,” and devote time to a detailed assessment of the issues described in our recent Journal article.
 

Cloud-related issues raised in conference discussions and various publications focus on concerns such as:

  • Data ownership and what the service provider is or is not allowed to do with this data
  • The use of encryption and management of the encryption keys and digital certificates
  • Identity and access management
  • Compliance with data protection legislation, particularly about the location of the data
  • Compliance with privacy protection legislation
  • Terms of contract, including the right to audit the service provider
  • Confidentiality and nondisclosures by the service provider
  • Access rights to data by the personnel of the service providers and its suppliers or service providers
  • Guarantees that in the case of termination of a contract there will be no copies of data left with the service provider
Other issues that could effect cloud computing are:
  • The impact on the data owners if the service provider goes out of business or is the target for an acquisition by a third party
  • The feasibility of terminating a contract and migrating the data (and related services) to another service provider
The real issue may be one of timing—the cloud is likely to be part of the service portfolio offered by third parties for many years to come. Optimists and risk takers will no doubt gain the benefits of cloud computing sooner and gain valuable experience in doing so. Those whose risk appetite is limited and deal with custom, critical applications may choose to wait until the issues discussed in our Journal article have been addressed and resolved appropriately.
 
Read Eduardo Gelbstein and Viktor Polic’s recent Journal article:
Data Owners’ Responsibilities When Migrating to the Cloud,” ISACA Journal, volume 6, 2014.

Comments

There are no comments yet for this post.
Email