Tag Archives: managing identities

Cloud security and risk management

by Varad G. Varadarajan, Cognizant Technology Solutions

Are you ready to move to the Cloud?

Risk management and cost control are two key issues facing CIOs and CTOs today. Both these issues come into play in Cloud Computing, and present an interesting dilemma for IT leaders at large corporations.

The elastic nature of the Cloud, the conversion of Capex to Opex and the managed security infrastructure provided by the Cloud service provider make it very attractive for hosting applications. However, there are a number of security and privacy issues that companies need to grapple with before moving to the Cloud.

For example, multi-tenancy and virtualization are great technologies for lowering the cost of hosting applications, and the service providers that would like to use them. However, these technologies also pose grave security risks because companies operate in a shared infrastructure that offers very little isolation. They greatly increase the target attack surface, which is a hacker’s dream come true.

Using multiple service providers on the Cloud is great for providing redundancy, connecting providers in a supply chain or handling spikes in services via Cloud bursts. However, managing identities across multiple providers is a challenge.  Making sure data does not accidentally cross trust boundaries is another difficult problem.

Likewise, there are many challenges in the areas of:

  • Choosing the right service / delivery model (and its security implications)
  • Key management and distribution
  • Governance and Compliance of the service provider
  • Vendor lock-in
  • Data privacy (e.g. regulations governing the offshore-ability of data)
  • Residual risks

In my presentation at The Open Group India Conference next week, I will discuss these and many other interesting challenges facing CIOs regarding Cloud adoption. I will present a five step approach that enterprises can use to select assets, assess risks, map them to service providers and manage the risks through contract negotiation, SLAs and regular monitoring.

Cloud Computing will be a topic of discussion at The Open Group India Conference in Chennai (March 7), Hyderabad (March 9) and Pune (March 11). Join us for best practices and case studies in the areas of Enterprise Architecture, Security, Cloud and Certification, presented by preeminent thought leaders in the industry.

Varad is a senior IT professional with 22 years of experience in Technology Management, Practice Development, Business Consulting, Architecture, Software Development and Entrepreneurship. He has led consulting assignments in IT Transformation, Architecture, and IT Strategy/Blueprinting at global companies across a broad range of industries and domains. He holds an MBA (Stern School of Business, New York), M.S Computer Science (G.W.U/Stanford California) and B.Tech (IIT India).

Comments Off

Filed under Cloud/SOA