New Frontier

Cloud computing is an emerging frontier in the field of Information Technology. It brings the promise of convenience, elasticity, transparency and economy.

Cloud Services Introduces risks in addition to risks that already exist

In addition to the security risks already present in IT, cloud computing also includes risks related to privacy, compliance regulations, identity, use of virtual machines, security of data and the security of the network through which the data travels.

Software as a Service (SaaS)

Google mail, Google Calendar, Google Docs, Sheets and Slides.

Platform as a Service (PaaS)

Allows users to deploy their own services to the cloud E.g Google App Engine allows developers to create their own apps and deploy to Google’s cloud

Infrastructure as a Service (IaaS)

Allows users to access cloud computational resources and storage E.g Amazon Web Services

FYI some US government bodies use AWS

Small vs Medium-Big Companies

Cloud computing can be a good investment for small companies that cannot afford to invest into information and network security, by purchasing cloud services for a small company this can bundle their services and leveraging the security of the large cloud providers, cover some of their security needs at the same time.

Contrasting to the medium-big companies switching over to cloud services, they could have already spent a large sum into IT and Network Security in the past and may increase their risk by using cloud service providers that they would need to consider.

Security on the Cloud

Security in cloud computing is a shared responsibility between the IT department of an enterprise and the cloud service provider. Therefore, even when IT infrastructure can be moved into the cloud, the responsibility for information security cannot be entirely outsourced to the cloud service provider.

CIA Tenant prioritisation of industry

[2] Figure 3 Annual Distribution of Cloud Security Patents shows the that the industry prioritises innovation in Confidentiality innovation closely followed by Availability and then Integrity. Many of these patents may span across more than one tenant but still shows the prioritisation in Cloud Security lies at making sure the data stored in the cloud is only accessible by the appropriate user.