Story image

Architecture, models and... zombies? The three major risk areas when moving to cloud

31 May 2017

As more organisations take the journey to the cloud, there are also inevitable risks along the way. Alongside better scalability and processing capabilities, businesses must consider the risk factors surrounding security and privacy.

That's the advice from RSM's partner in Risk Advisory Services Michael Shatter, who says the benefits have created a "widespread transition to the cloud, with more companies adopting cloud solutions to support growth and add flexibility while cutting costs".

RSM Australia has compiled three key risk areas that organisations need to consider when transitioning to cloud: 1. Architecture The cloud typically consists of one of three major architectures: Software-as-a-Service (SaaS); Platform-as-a-Service (PaaS); and Infrastructure-as-a-Service (IaaS). Security and regulatory compliance procedures are directly tied to the model chosen.

SaaS: The most common example of the cloud, when using this platform a company simply leverages an application completely controlled by an external provider. Examples include webmail and social media. However, when using SaaS solutions, a company has little opportunity to conduct a security review, with risks predominately managed through the contract. Particular areas to closely evaluate include availability, ownership of liability, and the processes and responsibilities of the cloud provider during a data breach.

PaaS: This cloud solution typically involves the movement of an application to a cloud vendor, with this third-party provider then providing the business with the required virtualised server and connectivity needed to operate the application. Vendor risk is still managed through contracts however, the company needs to keep in mind they are still responsible for maintaining the application.

IaaS: This solution takes existing physical or virtual servers and transitions them into a cloud environment. The vendor’s main responsibility when using an IaaS solution is to manage the connectivity and security of the fundamental infrastructure, with the organisation maintaining responsibility for securing applications and operating systems.

2. Models

There are three types of cloud solutions available for organisations to implement including public cloud, community cloud and private cloud.

Public cloud: Public cloud encompass platforms including Gmail and Dropbox. When using this solution, all customers are in the basic environment and generally have basic security controls.

Community cloud: Designed to meet a specific industry’s security and regulatory demands, examples of community cloud solutions are designed to meet the standards and requirements set by the Australian Signals Directorate. With more specialised security requirements, community cloud options tend to be more costly than public cloud.

Private cloud: Organisations with extensive internal information technology capabilities can choose to deploy a private cloud solution within their internal environment. This solution delivers complete control over security details and compliance demands, but carries the most expense.

3. Zombies

Representing the most significant risk, zombie systems result when an original application or underlying operating system is not maintained. Once an organisation transitions a system, application, or business process to the cloud, it is often assumed that the original assets will deactivate rather quickly. However, studies show that the sun-setting process takes an average of two to three years. This delay typically occurs due to linkages to the original system that cannot be broken without interrupting critical business processes. Also, often as soon as cloud migration occurs, the attention of IT teams is diverted from original systems to the new cloud solutions. However, those legacy systems still exist and can contain sensitive data. As these systems do not necessarily receive the same security maintenance and updates, they can be highly vulnerable and present significant risks to the company.  To guard against zombie systems creating potential exposures in the IT environment, businesses' cloud migration strategy should include full maintenance and tracking of these systems until they are officially removed from the network. “Cloud usage is only projected to rise due to solutions that can support growth and increase profitability becoming more realistic and available for middle market companies. However, these cloud platforms are not without risk, so businesses must fully understand their cloud options and choose the option that best aligns with their regulatory demands and risk appetite," Shatter comments. “Organisations should evaluate their potential cloud architectures and models to develop a cloud roadmap that will let them reduce their technology vulnerabilities while creating a competitive advantage.”

Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
SAS partners with NVIDIA on deep learning and computer vision
“By partnering with NVIDIA, we combine our strengths to augment human intelligence and realise the true potential of AI.” 
Why businesses must embrace automation to ensure success
“For many younger workers, the traditional view of a steady job at one company, perhaps for life, simply doesn’t reflect reality."
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
How Cognata and NVIDIA enable autonomous vehicle simulation
“Cognata and NVIDIA are creating a robust solution that will efficiently and safely accelerate autonomous vehicles’ market entry."