Risks in Cloud Servers - Report Example

Information Technology Risks Name Institution Lecturer Course Date Topic: An enterprise is considering whether it should use a cloud service provider application for its corporate stock control and pricing systems processing Introduction Information technology is becoming the most used form of technology in the world that has an increasing demand. Information technology is defined as the application of computer technology and telecommunication in the business world and in everyday life. The application of computer technology by different human beings is in the form of storage of information, manipulation of information, transmission of information and retrieval of information using different information systems. According to Zhang (2010), information technology has been applied in business organization in different departments such as finance and accounting, advertising, purchase and management where they have different use and levels of applications. On a personal level, information technology is used in the sending and receiving of information between different individuals in the world. Although the information technology has a number of benefits to the users, the storage, manipulation, transmission and retrieval of information or data using information systems is faced with a number of challenges and risks that make it difficulty and sometimes impossible to accomplish the benefits of information technology (Marston et al., 2011, p177). The use of cloud services has also increased since most business organisations are finding ways in which they can reduce the costs of business operations. However, these cloud services have different challenges which should be addressed in order to enjoy their benefits. The risks of information systems revolve around the privacy and security of information in different business organizations and individual computer devices (Shrum & Murray, 2012, p.1). This is because there has been an increase in the rate of cybercrimes due to poor management of information system. Hence, in order to avoid risks in information technology, there is the need to address the issues of risk management. Purpose of Report The purpose of this report is to evaluate the risks involved when a business organization users a cloud service provider in their price control systems. The report will also determine the ways in which the risks discussed can be mitigated in order to reduce them or eliminate them in a business organization. In order to understand the ways in which the risks can be mitigated, the report will focus on how the services are offered in the cloud system and in what ways is the business organisation at risk by using the cloud system provider for its information systems. Cloud Computing: Cloud Server Providers In order to understand the risks involved in cloud computing service provision, there is the need to understand how a cloud system operates. According to Miller (2008), cloud computing may be defined as the use of the internet remote servers in maintaining data and applications that are useful in customer satisfaction. These servers in cloud computing allow the customers and business owners to use various prominent business applications through the internet without having them in their personal computers. This means that customers can access useful product information through the use of an application that is not installed in his or her personal computer. This information and other personal files are accessible from any computer that has internet access (Zhang, 2010, p. 14). Therefore, cloud servers allow the central data storage, application, processing and bandwidth. The adoption of cloud computing in the organization makes it possible for customers and business to access information from any place and from any computer that has internet connectivity. Unlike the traditional data access systems using the traditional computers that required the user to be in a single location, cloud computing allows the user to access the same information from any computer in any part of the world. Examples of cloud computing include Yahoo email, Gmail and Hotmail, which allows users to share information and emails, but the applications are not installed on their devices or personal computers. This allows the business to store its information in online hardware databases where it can be accessed from any part of the world. The user does not have to be in the location of the hardware (Kopytoff (2012). Risks Assessment in Cloud Systems In relation to information technology and information systems, a risk is defined as any potential threat or harm which is likely to arise from the current information process or any emerging future events. The risks in information technology ensure that information is not available, lacks integrity and is not private. The risks in the business organization can be known to the company or may not be known. According to Grimes (2013), there are unknown risks and known risks related to information systems. The information technology risks may result into a purposeful harmful event to the information system or an accidental harm to the information system rendering the company information available to third parties or completely distorted. The risks can originate from within the business organization or can originate from external sources (Gefen & Carmel, 2008, p. 368). a) Lack of Control by Business Organization According to Shrum & Murray (2012), when the business organisation decides to user a cloud server provider, it should understand that the server provider has the full control of the server. This means that the business organization will not have full con troll of all the computing resources that are required by the business organisation in order to operate. This also means that authentication access and control of the data on the online server will entirely depend on the provider. The business organization cannot have access to the data stored in he shared server without permission from the service provider; hence the business organization cannot change its information any time it wishes to do so (Kopytoff, 2012). In times when there is a service outage by the service provider, the business organization will not be able to transact any business activities as it lacks any control over the cloud server. For example, Netflix experienced total outage of about two days in December 2012 when its provider, Amazon was experiencing service outage in eastern parts of United States. b) Security and Privacy of Online Stored Data According to Kopytoff (2012), data privacy and security are crucial issues when the control and server is shared. Since the data of the business organization is stored in a cloud, and not physically in the business organization, it is vulnerable for attack by third parties, and may become visible to other competitors. Although most cloud server providers are able to buy and use current and up to date security software, these cloud providers may not have the same security motivation as the business organization in terms of data protection. The development of malware and other hacking tools may mean that data encryption keys may become visible to hackers resulting in data distortion. For example, most of the cloud provider uses a common encryption key in storing data and data backup. Hence the malicious actors may infiltrate cloud service providers in order to gain access to company information. As Grimes (2013) describes it, some service providers are located in different locations from the business organization, probably across stateliness. This means that in case the company data is involved in a criminal case, different legislation may apply especially in the country where the cloud service provider is located. If the law allows the viewing of data, it will mean that the company data will become accessible to third parties. Data encryption laws also vary from one country to the other. In cases where the cloud server provider and the business organization are located in different countries the laws may affect the encryption of data. This is because some countries do not allow data to leave or enter their country while encrypted. The data should ne unencrypted first affecting the integrity and confidentiality of data. Data loss due to malicious hackers in the internet is also a possibility. Data can also be lost when the server provider is not careful enough to take care of the data of the business organisation. The loss of data has a negative impact when it comes to customer relationship with the business organisation. This is because customers lose trust on the business organisation to handle their data. In terms of stock control and pricing, the company data may become available to third parties who may use it against the business organisation resulting in stock loss (Shrum & Murray, 2012, p. 1). c) Shared Technology Vulnerability The services providers in cloud computing share infrastructures such as platforms and application in order to deliver services to their customers in what can be termed as a scalable manner. Since the architecture of the system is designed for multi-customers, the risks of shared vulnerability exist. In a case where some of the components of the shared integral components are compromised, the whole application is compromised such that its components become exposed and breached. Spinola (2008) argues that the shared infrastructure also mean that when another customer who is offered the same services by the cloud services provider interferes with the cloud system and server, all the clients who depend on the server will not be able to access their information. This would mean that information will become unavailable for use in the business organization. The lack of information availability in the business organization mean that it will be difficult for the business organisation to evaluate its stock and pricing systems thus the likelihood of making losses. Risk Mitigation and Control Before the business organization can decide on whether to use the cloud sever provider in its business organization to control its stock and pricing, there is the need for the company to design control strategies and mitigations that will enable it to reduce the risks that are involved in the cloud server systems. A clear understanding of the risks is important in order to address the appropriate mitigation and control measures in order to ensure the information of the business organisation is secure and available any time (Shrum & Murray, 2012, p.3). a) Planning For Service Outage Sever outage is one of the risks that are involved in cloud servers that may result to losses in a business organization. In order to manage this risk, the business organisation should ensure that it has plans to deal with server outage. Examples of cloud service providers that had experienced outages include Amazon, Microsoft, and Salesforce, meaning that business organization should be careful withy outages. Before getting the services of the cloud provider, the business organization should determine and evaluate whether the server provider has a system that allows data recovery and data recover systems. If the service provider has no data recovery plans and data recovery systems, the business organization can look for another cloud provider (Spinola, 2008). However, it is important for the business organization to have its own data recovery approach and systems that are compatible with the cloud server provider so as to enables the recovery of their data in case of an outage. Strategy and approach: the business organization should have a strategic plan that it can use to avoid outages. For example, it can design a hybrid approach of its own that works with a public cloud. The business organization will pay for the management and control of this private cloud to the scale of a public cloud as per the needs of the business organization. In addition, the business organization may consider using cloud services from ma cloud sever with multiple providers. This will enable the business organization to deal with server outages (Shrum & Murray, 2012, p. 4). b) Monitoring The Activities Of Cloud Providers The business organization should design and implement ways to ensure that the terms of agreement with the cloud provider are honoured. This means that the company should always keep abreast of all the security control measures which are used by the cloud service provider in ensuring safety of the data it stores. In addition, the business organization should be able to monitor the trends of the cloud provider to keep current on the different ways to deal with cybercrimes. This will assure the business organization that its data is safe from third parties. Strategy: in order to be able to monitor security issues of the cloud provider, the business organization should demand all the necessary information it requires to monitor its business in the cloud server. This would mean that the business organization would have control and access of its business information in the cloud just like it would be in the premises of the business itself. This reduces the resistance which is seen in cloud computing. In addition, the business organization should be specific enough to ensure safety of its critical information (Shrum & Murray, 2012, p.4). c) The Business organization should be smart When negotiating for the services in cloud computing, the business organization representatives should be smart. They should be able to select cloud providers who are not rigid and are willing to enter into agreement with the business organization. The agreements are designed in a way that the business organisation will operate in an efficient manner in the cloud server. This means that the business organization should ensure that the agreement takes care of their security requirements in order to ensure safety and privacy of it information in the cloud server (Grimes, 2013). Strategy: the business organisation should compare different service level agreements with different cloud server providers and determine the service level agreement that suit their requirements. This is because there are some service providers who isolate themselves from any losses that result from outage and other security issues of their cloud servers. The business organization should have power of attorney before signing the agreements so as to make it binding. The best terms that can be negotiated in a service level agreement include handling of data in the cloud server, security of the data in the cloud server, and data recovery plans and systems used by the business organization and the cloud service providers. The negotiations can also pay particular interest to control and change of control of data, access of the data and law enforcements concerning the business organization information in the cloud servers (Shrum & Murray, 2012, p.3). d) Be Cautious The business organisation should exercise caution when it comes to cloud service providers. They should ensure that they constantly build the trust with the service providers. This means that the business organisation should not use the cloud services with more critical issues before they are sure with the provider. This way the business organization will develop the trust on whether to use it for critical information or not (Shrum & Murray, 2012, p.4). Conclusion Information technology has become integrated in the activities of business organisation such that most organisations use it to improve service delivery to their customers. However, the use of information technology is faced with a number of challenges. Among the most emerging technology is the use of cloud servers by business organisations. Cloud computing may be defined as the use of the internet remote servers in maintaining data and applications that are useful in customer satisfaction. These servers in cloud computing allow the customers and business owners to use various prominent business applications through the internet without having them in their personal computers. The risks that a business organization may face by using cloud servers include security and privacy of the data in the cloud server, minimal access to the data, shared vulnerability and data loss. In order to ensure the business organisation does not suffer the risks, proper mitigation and control of the risks should be developed. References Gefen, D. & Carmel, E. (2008). Is the world really flat? A look at offshoring at an online programming marketplace. MIS Quarterly, 32 (2), 367-384. Grimes, R 2013. The 5 cloud risks you have to stop ignoring. InfoWorld. Available at http://www.infoworld.com/d/security/the-5-cloud-risks-you-have-stop-ignoring-214696?page=0,1. Accessed on 5th April 2014. Kopytoff, V 2012. The Cloud Carries Risks, Too. Bloomberg BusinessWeek. Available: http://www.businessweek.com/articles/2012-08-07/the-cloud-carries-risks-too (Accessed on 5th April 2014. Marston, S., Li, Z., Bandyopadhyay, S., Zhanf, J., & Ghalsasi, A., 2011. Cloud computing— the business perspective. Decisions Support System, 51: pp. 176-189. Miller, M., 2008. Cloud Computing: Web-Based Applications That Change the Way You Work and Collaborate Online. New Jersey: Que Publishing. Shrum, S., & Murray, P 2012. Common Risks of Using Business Apps in the Cloud. US-CERT, PP.1-6 Spinola, M 2008. An Essential Guide to Possibilities and Risks of Cloud Computing. Available: http://www.mariaspinola.com/whitepapers/An_Essential_Guide_to_Possibilities_and_Risks_of_Cloud_Computing­A_Pragmatic_Effective_and_Hype_Free_Approach_For_Strategic_Enterprise_Decision_Making.pdf. Accessed on 5th April 2014. Zhang, C 2010. Privacy and security for online social networks: challenges and opportunities’, Journal of Information, Science and Technology, vol. 24, no. 4, pp. 13 – 18. Read More