The Security and Privacy challenges discussed above are also relevant to the general requirement upon Cloud suppliers to provide trustworthy services. If Cloud providers find adequate solutions to address the data privacy and security specificities of their business model,they will have met in a certain way the requirement of offering trusted services. Yet, there are a few other challenges which, if tackled properly, would enhance users confidence in the application of Cloud computing and would build market trust in the Cloud service offerings.
Continuity and Provider Dependency - The increasing complexity of Cloud architectures and the resulting lack of transparency also increase the security risk. In many Cloud implementations, the centralized management and control introduces several so-called single points of failure. These could threaten the availability of Cloud users’ data or computing capabilities indirectly, as a small incident in the Cloud could have an exponential impact.
Compliance with applicable regulations and good practices - If privacy is one regulatory area particularly relevant to Cloud computing, it is certainly not the only area. Once the applicable law to a Cloud service is determined, the provider will need to comply with other regulations than privacy, such as: General civil law and contract law, Consumer protection law, “e-commerce regulation”, Fair trade practices law.
Change in Cloud ownership and “Force Majeure”- The Cloud market is still immature and the situation of global economy may affect some of the Cloud industry players too in the coming months or year(s). Accordingly, users of the Cloud must be confident that the services externalized to the Cloud provider, including any important assets (personal data, confidential information)will not be disrupted as it was discussed above(“Continuity and Provider Dependency”).
Trust enhancement through assurance mechanisms – By definition, the Cloud-computing concept cannot guarantee full, continuous and complete control of the Cloud users over their assets. For these reasons, the establishment of appropriate “checks and controls” to ascertain that Cloud providers meet their obligations becomes very relevant for Cloud users (for example,through adherence to generally-accepted standards).
Despite security, privacy and trust concerns, the benefits offered by Cloud computing are too significant to ignore. Thus, rather than discarding cloud computing because of the risks involved, the Cloud participants should work to overcome them so that they can maximize the benefits (e.g. reduced cost, increased storage, flexibility, mobility, etc.). Cloud users should become Risk Intelligent by taking a proactive approach to managing risks and challenges in Privacy, Security and Trust. Risk will become an even more important part of doing business when adopting Cloud concepts.
Risk can then provide both opportunity and peril: poorly managed, it allows a security breach by a hacker or a disgruntled employee, exposing an organisation to potential loss and liability. Effectively addressed, it enables management to exploit e-channels, mobile offices and process efficiency gains and positive results. The Risk Intelligent C-suite should manage information security from the perspective of making money by taking intelligent risks, avoiding losing money by failing to manage risk intelligently.