Cloud computing: Hardware & Software Security: Online …

Examples of cloud computing include Software as a Service, Platform as a Service, and Infrastructure as a Service. Generally, cloud computing services are run outside the walls of the customer organization, on a vendor’s infrastructure with vendor maintenance.

Although cloud-like services can be internal (e.g., IU’s Intelligent Infrastructure), this document refers exclusively to cloud services provided by third-party vendors over a network connection where at least part of the service resides outside the institution, regardless of whether those services are offered freely to the public or privately to paying or registered users.

Cloud computing represents an externalization of information technology applications and infrastructure beyond an organization’s data center walls. In the university context, cloud computing may be thought of as extra-campus or above-campus computing.

Cloud services are often available “on demand,” and utilize an infrastructure shared by the vendor’s customers. While some offer a flat fee model or consumption-based pricing, other cloud services are offered at no cost.

Within the university, the confidentiality, integrity, availability, use control, and accountability of institutional data and services are expected to be ensured by a suite of physical, technical, and administrative safeguards proportional to the sensitivity and criticality (i.e., risk) of those information assets and services.

These safeguards help protect the reputation of the university and reduce institutional exposure to legal and compliance risks. Much of the challenge in approaching cloud computing involves determining whether a service vendor has adequate safeguards in place commensurate with the value and risk associated with assets and services involved.

Once the high-level challenges are understood, the next step is to consider the risks and determine whether or how to appropriately mitigate those risks in the context of the proposed information and/or service.

The above factors should not be taken to suggest that cloud computing has no potential benefits; but rather that the benefits must be balanced with the risks involved when evaluating the use of cloud computing services.

Cloud computing services are similar to traditional outsourcing and can be approached analogously while accounting for their unique risks/benefits. The following recommendations and strategies are intended to assist units in their approach to evaluating the prudence and feasibility of leveraging cloud services.

See the original post here:
Cloud computing: Hardware & Software Security: Online …

Related Post

Comments are closed.