Companies everywhere have largely gotten over their fears of cloud computing and moved onto implementation strategy discussions, but amid this transition there are some firms that are frankly too eager to get their feet wet in the cloud. David Geer wrote on CSO Online that companies should make sure they are not at risk of falling victim to any of the downsides that could come from the adoption of cloud computing. The first issue he brings up is failing to check the identity of users when logging onto or using the cloud.
"The only secure way to log in to the cloud is through enterprise identity management systems," he wrote. "Though many cloud services permit just about anyone in the organization to sign themselves up, create their own IDs and passwords without registering these with the enterprise, and then connect these credentials to personal email addresses, that does not mean that IT or the business should let it happen."
Another thing that could end up putting a company behind is not keeping independence from a provider when using their cloud computing services. John Thielens, chief security officer at Axway, told CSO Online that this may hurt security and could make a company much less flexible than they would prefer to be, as applications may end up reaching a point where its economically better for a company to be housed outside of a providers cloud.
Going along with leaving too many applications and data in the cloud, Geer also warns against companies outsourcing their risks and accountability.
"The company can outsource some of its infrastructure to the cloud, but it cannot completely outsource its risk, accountability and compliance obligations," he wrote. "Enterprises require a certain amount of transparency into the cloud provider so they can own the risk models and mitigate enterprise strategies."
Other "sins" Geer suggests companies avoid in the cloud solution to keep up with the best practices for security include:
- Signing up for a cloud computing solution without giving any kind of thought to security involvement
- Overestimating the amount of cloud security the provider has in place
- Failing to understand what costs are involved in the cloud, which could leave a company paying for more than they need or perhaps paying for far less than they estimated
Safe cloud computing implementations
While there's certainly no one size fits all solution for a company looking to adopt cloud computing, there are some best practices that might be beneficial to follow. Fed Tech Magazine said companies should get all the stakeholders, or those who will be using the cloud, involved when figuring out what they want to use the technology for, focus on transitioning into the cloud first before innovating and try not to "reinvent the wheel" when it comes to adopting the solution.
Another important best practice according to the website, is to know which skills are required in the cloud. Chris Webber, CIO of the Federal Labor Relations Authority, which recently moved to the cloud, said their migration to the cloud required development experience within the platform.
"Because cloud applications are just now gaining traction, finding qualified candidates capable of implementing an enterprise-level cloud application can be a significant challenge, Webber says," according to Fed Tech Magazine. "While the coding language is easy to pick up, developers with a niche skill set may be required to lead the development team."
One important thing many companies may not think about due to the hype of cloud computing is to make sure the platform is needed and will work with the apps. CloudTimes said the first thing that should be done when looking into cloud computing is to make sure the technology can help the business and is the definite way to go. If the business is not ready for the cloud in a certain area, it may be a better idea to first adopt it elsewhere and slowly adopt it across the company later.
Cloud Computing News from SimplySecurity.com by Trend Micro.