Issue identification cloud computing
ISSUE IDENTIFICATION - CLOUD COMPUTING
Girish Subramaniam
I. Issue Background and Definition
One would have to be living under a rock these days not to have heard of cloud
computing. It is an emerging opportunity in IT service delivery, facilitating on-demand
access to shared pools of computing resources, from networks and storage to servers and
applications. On top of efficiencies and cost reductions, it promises rapid delivery of
services for business agility. Adoption is on a very large scale in most industries,
and a survey reveals that two-thirds of responding organizations are planning or adopting
cloud computing.
Still, security and compliance concerns continue to slow adoption—it’s consistently the
number one cited challenge to cloud computing. There is little or no control over business
data (assets of the firm). This is because data lies in physical locations that are mostly
unknown (distributed database).
Lack of Visibility = Lack of Security
Clouds are generally of two types:
1) Public clouds - these offer compelling scale and cost considerations but do not
address the above concerns.
2) Private clouds - these might be as costly as data centers but offer much better data
security as there is a firewall in place.
II. Industry-Specific Focus
The industry impacted by the above concerns is the Financial Services Industry:
Banking (Commercial/Retail), Investment Banks, and Insurance. The most important element
in this industry is client information. The data is highly critical and carries financial and
reputational risk. Post-recession, tougher regulatory and compliance norms have been put
in place under which banks are required to focus tremendously on anti-money laundering and
fraud, which ultimately leads to proper data controls and security.
As mentioned earlier, data security is the primary concern for the Financial Services
Industry before it adopts the cloud.
The two main criteria to be met are Data Control and Visibility:
1) Control
   Availability - Accessing resources (data) and recovering resources in case of failure
   Integrity - Ensuring that only authorized persons have access to information and application
   Confidentiality - Protecting how personal data (information) is obtained and used
2) Visibility
   Compliance - Meeting specific regulatory requirements/industry standards & rules
   Governance - Establishing usage rights and enforcing policies, procedures & controls
   Risk Management - Managing threats to business risks/interruptions
The criteria listed above are very difficult to meet for the following reasons:
1) Clouds are generally managed by Cloud Service Providers (external vendors). Data can be
accessed by these vendors, and thus a proper agreement needs to be in place for public
clouds to ensure data security.
2) Due to improper backups or application failures, there is a chance of data loss.
3) Since the data is stored in physical servers, the location of the data is mostly unknown
given the complicated network of databases, especially in public clouds. This makes
site inspections and audits very hard and complicated.
4) Constant connectivity is a must to ensure continuous access to data.
5) High difficulty in migrating to another Cloud Service Provider.
6) High dependency on the financial health of the Cloud Service Provider.
Due to the recession, the financial markets are currently in the red and banks/institutions
are finding it extremely difficult to make profits. Given that cloud computing is an emerging
technology that helps clients reduce costs, a lot of industries have been adopting it, and it has
had an impact on the balance sheets of the firms in those industries. Therefore, the financial
industry wants to explore the usage of this technology, and thus the above issue holds a lot of
importance and concern for the firms within these industries.
Understanding the Issue
It is very important for CIOs and managers to understand the issues in depth and ask questions
such as:
1) Who can see my clients’ data?
2) What regulatory and compliance audits has the firm completed?
3) If the firm doesn’t keep data in its own systems, how can we ensure it is safe?
4) How complicated will my login process be?
5) If a client asks me whether we can guarantee security of his or her data, how should I
answer?
6) What safeguards are in place to ensure data is never viewed by someone who
shouldn’t see it?
7) If the system is compromised, what’s the emergency action plan, and how will that be
communicated to our clients?
The answers to these questions might help them decide whether to go
with cloud computing.
Not Understanding the Issue
One important thing to consider is that there might be situations in which financial
institutions leave themselves vulnerable to attack because they assume their cloud
provider is taking care of security. Security and cloud hosting are two separate things, but
the cost of entry is so low, and often so simple, that customers may not do as much due
diligence as they should to find out who's responsible for security.
Therefore, it is very important for the CIOs of banks/insurance firms to understand the issues
with respect to cloud computing.
Sources:
Cloud Security Myths and Strategies Uncovered - White Paper
Disadvantages of Cloud Computing - White Paper
IBM white paper on Cloud Computing