
Rupesh Argonda

"Organizations need to adopt a risk based approach before selecting a cloud based product or service"

Use And Implementation Of Cloud In Business
Cloud service providers can be categorized as Private, Public, Hybrid or Community. Each has its own merits and demerits, and organizations can use them based on their specific requirements:
1. Enhancing the social perception of the organization is essential, and this can easily be met by providing users access to social networking sites on the public and community cloud. However, implementing organizations need to have a good usage policy, conduct regular monitoring and build user awareness to ensure the facility is not misused.
2. For financial organizations, the law of the land presides over industry regulation. In such cases it is essential to ensure data is within a geographic location and not dispersed around the world.
3. Crucial business services can be segregated on a private cloud with redundancy and disaster recovery, with other services placed on the public cloud.
There are 14 domains covered in the Cloud Security Alliance’s security guidance for cloud computing. This guide, in its third edition, seeks to establish a stable, secure baseline for cloud operations. It provides a practical, actionable road map for managers to adopt services on the cloud safely and securely.

A few additional areas of concern are:
Multi-tenancy
When a single instance of a resource is shared with various other organizations, it leads to huge security concerns. With a multitenant architecture, a software application is designed to virtually partition its data and configuration, and each client organization works with a customized virtual application instance. Access control needs to be very strong and stringently managed. All aspects of data, at rest as well as in motion, must be secured from unauthorized access.

Trust boundaries
Advances in mobile computing have led to ubiquitous connectivity and access to information anytime and anywhere. A well-defined identity and authentication mechanism shall resolve any concerns on non-repudiation by participating entities.