Risks in cloud computing
Nurmilahti, Anssi (2016-11-02)
Risks in cloud computing
Nurmilahti, Anssi
(02.11.2016)
Tätä artikkelia/julkaisua ei ole tallennettu UTUPubiin. Julkaisun tiedoissa voi kuitenkin olla linkki toisaalle tallennettuun artikkeliin / julkaisuun.
Turun yliopisto. Turun kauppakorkeakoulu
Kuvaus
siirretty Doriasta
Tiivistelmä
Cloud computing is a rapidly growing area of computing due to its wide availability and low barrier of adoption. It makes large scale computing available to those who don’t have the resources to set up a traditional data center. However, there are multiple risks involved in cloud computing, ranging from minor outages to the loss of data and possibly even the reputation of the whole company. This study aims to find out what risks are specifically related to cloud computing, how the risks differ in different cloud service models and finally, how companies can manage the risks.
Cloud computing can be defined as a model of computing, where a pool of rapidly deployable computing resources are provided to the cloud customer on demand, over a network with minimal human intervention and billed by the the actual usage. Cloud computing can be divided into different service models, SaaS, PaaS and IaaS, which define the extent of services provided to the cloud customer. A further division can be made into deployment models, which define where the cloud service is actually hosted. Risk can be defined as the effect of uncertainty on objectives, or as a function of risk likelihood and the controls in place to prevent the risk from realising.
The risks specific to cloud computing can be divided into categories; in this study the division is made into risks to data security, technical risks and finally, relationship risks. Further categorizations were made within these main categories, an example being the division into risks to data confidentiality, data integrity, data availability, data location and data privacy. The second research question was whether the different risk categories are more relevant to particular cloud service models. The conclusion was that many of the risks are omnipresent in different models. However, some risks are more relevant to certain service models, such as vendor lock-in in SaaS.
Finally, the study aimed to answer the question of what companies could do to manage the different risks. In the process several different tools or were identified: service level agreements, risk management standards and frameworks and finally, trust. The biggest limitation of the study is its nature: as a stand-alone literature review it lacks empirical data; a more thorough analysis of the risks would require such data to further support its conclusions and to enhance the analysis.
Cloud computing can be defined as a model of computing, where a pool of rapidly deployable computing resources are provided to the cloud customer on demand, over a network with minimal human intervention and billed by the the actual usage. Cloud computing can be divided into different service models, SaaS, PaaS and IaaS, which define the extent of services provided to the cloud customer. A further division can be made into deployment models, which define where the cloud service is actually hosted. Risk can be defined as the effect of uncertainty on objectives, or as a function of risk likelihood and the controls in place to prevent the risk from realising.
The risks specific to cloud computing can be divided into categories; in this study the division is made into risks to data security, technical risks and finally, relationship risks. Further categorizations were made within these main categories, an example being the division into risks to data confidentiality, data integrity, data availability, data location and data privacy. The second research question was whether the different risk categories are more relevant to particular cloud service models. The conclusion was that many of the risks are omnipresent in different models. However, some risks are more relevant to certain service models, such as vendor lock-in in SaaS.
Finally, the study aimed to answer the question of what companies could do to manage the different risks. In the process several different tools or were identified: service level agreements, risk management standards and frameworks and finally, trust. The biggest limitation of the study is its nature: as a stand-alone literature review it lacks empirical data; a more thorough analysis of the risks would require such data to further support its conclusions and to enhance the analysis.