Page 112 - CISSO_Prep_ Guide
Cloud Computing
Over the past few years, a lot of organizations have moved to
cloud computing as a model for data processing and storage. The
use of a cloud-based service such as Software as a Service (SaaS)
is an excellent way to support business requirements without the
need to install and maintain applications on every desktop.
Instead, all an employee needs to access corporate data and
application functionality is a web connection and a browser.
The hosting company applies all application patches, stores and
processes data, generates reports, and provides protection for the
data. As with any outsourced service, there is a need to ensure that
data is being protected, is available when required, and can be
retrieved in case of termination of the contract.
Other cloud-based services such as Storage on Demand,
Infrastructure as a Service, Platform as a Service and email
hosting are all popular since they remove the requirement for the
outsourcing organization to manage, acquire and maintain its
own IT infrastructure. The security professional must ensure that
the network connections to the hosting company are secure and
that the hosting company has backups and disaster recovery plans.
Mobile Computing
Many services provided by organizations today, such as online
banking and email, are moving onto mobile platforms. These
services are run using mobile applications and application
program interfaces (APIs), often on top of legacy systems and
more traditional information systems. This requires attention to
the coding practices of the organization and the choice of APIs
used. Using an insecure or older API may present an attack vector