The most frequent ongoing cloud issues relate to cloud security, the occurring or possible events, and the risks that determine the organizations to show reticence in migrating to the cloud and relinquishing the on-premises control over their data.
Although some service providers take better care of these problems then others, and special business packages may include extra-security features or options, cloud invulnerability is not yet a mainstream characteristic.
For 2016, seven of the most commonly mentioned cloud issues would be:
-
Cloud management distribution:
this extremely important activity can be the responsibility of just one of the contractual parts, or it may be shared; the cloud service provider can fully manage the enterprise system (although this is rather rare, since customers see it as losing control over their data), or the enterprise and the provider may share the management activity, with regular updates, tests and implementations falling to the provider’s side, while customized security practices depend on the enterprise or on the third-party whose services the enterprise hires precisely for this purpose;
-
Cloud collaboration-induced risks:
cloud computing implies that more users need to access enterprise data. However, not all users should have the same type of access. Some may need unrestricted access, while others can perform their job very well without reaching critical or more sensitive data. Since a lot of data breaches originated in insiders’ errors or even malicious actions, it is always better for organizations to be able to configure each employee’s credentials and limit the data access per account to various degrees, in a personalized manner; having a strict control over the data exposure is a derivative issue – departments and employees should access certain data only on a need-to-know basis, when the access is mandatory in performing their tasks, otherwise the data exposure issue remains ambiguous and it is difficult to contain the risks, to monitor the potentially abnormal activities and to correctly distribute responsibilities; when the concerned information includes personally identifiable information (PII) and payment card information (PCI), the compliance regulations risk being infringed; any such information requires secure storage and management in order to avoid liability;
-
Cloud (in)security:
especially when sharing the cloud with other entities, businesses are weary of the possible security incidents, since it suffices a weak entry point to put the entire data bulk at risk, whether it is the case of malware infections or malicious intrusions; however since cloud security is an extremely hot issue, cloud service providers employ a series of security safeguards (continuous monitoring, multi-layered security and MFA and proactive management structures that enable quick responsiveness and immediate reactions); it is considered that 2016 would witness emerging cloud security standards that should raise the bar in default cloud security and compel organizations to migrate to the cloud; also the security spending is expected to grow this year, while encryption should have a leading role and even benefit from a major push in order to avoid further privacy protection controversies;
-
Cloud outages:
if the previously mentioned issues were all part of the digital environment, the issue of a possible cloud outage that might make cloud data unavailable is a rather material issue; the idea that the cloud might go down is not far-fetched, since recent events have proven it is very much real and upsetting – during 2015 Google’s IaaS, Dropbox and Microsoft Azure have all experienced outages affecting millions of users; businesses are once again reluctant to move their stored and operational data to the cloud when contemplating the possibility of such unpredictable occurrences;
-
Ubiquitous access-induced risks:
the need for anytime access from every which point of the globe to the cloud stored data is yet another challenge for cloud providers; leaving aside the accessibility, which pertains to broadband providers, cloud providers are the ones that have to handle the necessary setup for cloud data that is to be accessed from multiple devices, by various persons at any given time – and to make sure that the cyber-security risk involved are minimized. All roads seem to lead to cloud security, but it is rather a sensible balance between the ease of access and the need for data privacy and protection; cloud computing should be dynamic, Geo-location independent, flexible and adaptive, yet ward off any malicious intruders who would try to use these characteristics to their advantage;
-
Cloud services lack of standardization:
as we mentioned above when approaching the cloud security issue by itself, the lack of unitary standards encourages ambiguity and uneven services; when confronted with the idea that they might have to determine themselves whether a provider offers an safe level of data protection and properly sets up and secures its services, businesses are de-motivated; besides cyber-security, the provider’s offers vary in labels, capabilities and pricing models, complicating the buyer’s tasks when choosing the best way to meet their needs; until some kind of cloud compliance or widespread minimal standards become customary, clients are advised to evaluate carefully the providers’ offer, focusing on each service and option by itself, and to never assume consistency across services – it is always better to examine and test each service, in order to establish the compatibility degree with your needs, and understand thoroughly how it will fit your organization.
-
The data-moving challenge:
the same source quoted above mentions how moving data to and from the cloud is super challenging and needs to be a seamless data flow operation; the process involves moving data to physical media for one-time massive transfers, while for ongoing, two-way updates, the necessary processes include data streaming or data pipelines; collecting and pre-processing data via the cloud before moving data subsets to a physical data center is a common requirement among companies that cloud-compute and the more this operation involves smoothness, efficiency and risk-free data flow, the better.
