Page 145 - Cloud Essentials
existed with computing solutions, and that also applies to the cloud. Cloud
providers might control network firewalls in addition to your organization
controlling its firewalls. Encryption of transmitted or stored data is an
important component of being compliant with some data security standards.
People controlling or using computers must be wary of social engineering,
which is the act of tricking people into disclosing some kind of confidential
information. Not only should employees within an organization understand
these dangers, but cloud provider personnel must also exercise diligence to
mitigate these possibilities.

Risk management must now account for cloud providers doing their part.
Even after properly assessing and managing risks, there are sometimes
residual risks such as a cloud provider going out of business. Sometimes
governments or law enforcement may take action against cloud providers,
such as confiscating cloud provider computing equipment used for illegal
activities, which can limit business productivity.

Cloud service level agreements (SLAs) are contracts between cloud customers
and cloud providers stipulating expected levels of service such as uptime
and response time. An SLA might be required to state where data is physically
stored or replicated because of government privacy laws.

Cloud customers rent the IT services they need at the time they are
needed. Because these costs are variable, limits must be put in place to
ensure costs do not skyrocket beyond acceptable limits. Cloud service
costs must be periodically reevaluated to ensure the costs are related to
generating revenue.

A cloud exit strategy outlines a contingency plan should a cloud provider
no longer be available. Examples include using a different cloud provider,
hosting IT services in-house, or using a different (yet functionally
equivalent) IT service.