Cloud computing is the delivery of computing as a service (SaaS) rather than as a product, with shared resources, such as software and information, available over a common network. Cloud computing services handle a user’s data, software and computation through a published application programming interface (API) over a network. Users access cloud-based applications either through a web browser or through a lightweight desktop or mobile app, while the business software and data are stored on servers at a remote location. Cloud application providers strive to give the same or better service and performance than if the software programs were installed locally on end-user computers. At the foundation of cloud computing is the broader concept of infrastructure convergence and shared services.
The risks here are two-fold.
A cloud-based application makes a very attractive target for hackers – if you break in, you have all of the data, not just one person’s or company’s data. It is a Fort Knox approach – store all the gold (eggs) in one place and make it a fortress. As any recent headline will remind you, some very big virtual fortresses have been hacked.
You would not be the only user of the cloud. I am sure all of your information, especially video and music, has been legally obtained. No stolen software code uploaded from a work site to be downloaded later at a lab in Marseilles, no plans for Nano-satellite swarms uploaded to the cloud to be downloaded to a torre de apartamentos en Ciudad del Este. But other users of the cloud may have done just such things. Think of the cloud as a computer pool, and someone has just peed in the pool. Under such circumstances a government (the US is more aggressive than anyone in this regard) can seize all of the data and shut down the cloud. In other words, the government is exercising the power to seize all of the legal property held in a storage facility because a handful of crooks have committed illegal acts in their portion of the cloud.
Sound far-fetched? Look at what the US, Hong Kong and New Zealand did to Megaupload.
Due diligence’s primary focus is to look for risks and to aid management in quantifying those risks. The gossamer security and operational risks of the cloud are all too real.
It is simply ridiculous to store primary data on and only on ephemeral, third-party servers – or on any servers. Anyone who has years’ worth of essential work or mission-critical data on third-party devices without redundant backups is just poking a stick in a tiger’s face. We all know the outcome – it is just a matter of when, not if.