For a more general overview of cloud computing, please see our first blog post: Cloud Computing 101.
What are some benefits of cloud computing for SMEs?
- Security and safer storage: One of the major benefits of using the cloud is better security. The most well-known cloud providers, such as Google, Microsoft, and Amazon Web Services, invest considerable resources to ensure that stored data is secured and available. They also constantly look for ways to improve these services. This yields a stronger base of security than most SMEs can achieve on their own. An example is cloud-hosted email, which significantly improves email security, removes the local Exchange server attack vector, and frees IT resources to work on differentiated services.
- Organizational roles: Cloud computing frees internal IT to focus on projects that deliver differentiation for the business. Unlike with on-premises systems, when deploying applications in the cloud, IT is no longer responsible for maintaining network, servers, and other hardware. Using pre-configured solutions or blueprints from cloud service providers (CSPs), they can deploy security controls and best practices more systematically.
- Speed: The cloud is made up of many high-powered data centers. These centers have high-speed connections to the internet. These speeds surpass what an organization will reasonably have on its premises, providing a clear advantage over the traditional model.
- Deployment flexibility: Cloud computing allows organizations to host the same application across global regions. This means the organization’s services can reach bigger audiences with no performance sacrifices.
- Scalability: Cloud computing enables organizations to quickly spin up new instances and add compute resources when needed. This supports growth by scaling to handle unknown levels of traffic, and it helps with disasters: if there is an incident in one region, there are controls in place to keep your firm’s services up and running across the web.
- Cost-effectiveness: Traditional infrastructure requires expensive upfront investment in servers, switches, cabling, internet connection, and redundancy. This is often a huge upfront capital expense, and one many smaller organizations cannot or do not want to spend. The cloud allows these technology costs to be transferred to an operational expense model where the firm purchases computing power based on monthly usage and can more easily create the systems they need without significant upfront costs. This is ideal for smaller businesses and those with changing technical requirements.
What are the risks associated with cloud computing?
Understanding certain risks is critical to properly managing your entire environment, whether cloud, on-prem, or hybrid. While the cloud is making large-scale computing more accessible than ever, security drawbacks exist.
A common misconception is that putting servers in the cloud makes them inherently more secure. This is not true. Cloud servers are equally vulnerable to human error and misconfiguration. Here are a couple of considerations to pay attention to when adopting a cloud computing model:
- Security risk due to cloud misconfiguration: Many cyber incidents that have taken place in the cloud are due to misconfigurations or incorrect configuration of user access when migrating a development project to production. This can be mitigated with employee training and step-by-step adherence to the security best practices provided by the CSP.
- Cost Instability: Though cheaper in most cases upfront, predicting the costs associated with the cloud can be challenging. The cloud model is based on two factors: usage and cost for usage. When companies raise prices or demand for services increases dramatically, customers can be hit with large and unexpected bills.
- Supply Chain Risks: Complete reliance on a service you do not control and maintain is another issue. What happens if your particular region or main data center goes down? The organization must wait for the cloud service provider to fix these issues. For a recent example, see the Azure outage.
How should one select a cloud service provider (CSP)?
Below is a checklist of considerations to keep in mind when selecting a CSP for your business. Note that these are just some criteria to consider, and if you have questions about the right choice to make for your business, reach out to our Risk Engineering team for help.
- Does the CSP use a high-quality identity and access management solution based on least privilege coupled with multi-factor authentication?
- Does the CSP provide security for web applications with web application firewalls?
- Are the CSP’s data centers certified and well-located? Do they have strict security measures (on-site security staff, multilayer access control)?
- Are data replication services offered by default (as opposed to at an additional cost)?
- What levels of security responsibility are assumed by the CSP?
- Compliance with various frameworks and regulations:
  - NIST Cybersecurity Framework
  - CIS Benchmark
  - SOC 2 Type II compliance (relevant for all SaaS providers)
Security is an essential part of cloud computing, and insufficient security can lead to incidents, theft of data and sensitive information, and, ultimately, loss of confidence in the system and even the company. This is why understanding the benefits and risks of cloud computing is so important.
On the one hand, cloud computing offers a much-needed jump start to many businesses by providing access to modern technology with minimal upfront investment. Working with cloud computing providers comes with baked-in advantages such as properly designed, managed, and secured hardware infrastructure. However, the onus remains on your organization to hire or outsource skilled professionals to manage and properly secure what you store in the cloud.
This blog post was written by Cowbell’s Risk Engineers, Phaelan Koock and Soham Turakhia.