Cloud Computing: Common Adoption Challenges
Cloud adoption can introduce a shift in thinking, and essentially represents a move from implementing solutions in-house IT to offloading a proportion of that work to a strategic partner. Like many strategic partnerships, it works best when the partner has the skillsets and partners that match closely with the organization’s requirements.
There are cases where this is more difficult for some organizations than others. Security is typically a multi-layered objective. Cloud computing has multiple levels of offerings, and so the levels to which Cloud Providers take on security can be different. Organizations need to be aware of the level of security provided and understand that they still bear overall responsibility for their organization’s IT security. Especially regarding data, and access control granted. Further some organizations may have higher levels of security requirements than provided generally by the Cloud Provider. These cases need to be evaluated carefully. For example Government Top Secret requirements might easily be higher than what is provided by a cloud provider and the confidentiality requirements might even prohibit having a third party handling data or data flows entirely even if encrypted.
In general legal and mandatory compliance regulations can be extremely prohibitive in Cloud adoption where Cloud providers have implemented according to general criteria.
Discuss how cloud computing solution can be a challenge for certain company? What are some of the new issues that they must now address with the move to cloud? Discuss from security, privacy, legal, and compliance stand point.
Like all aspects of cloud, compliance is a moving target as competition in the Cloud Provider market is driving providers to adopt more standard compliance criteria. So ongoing effort is needed y working with providers on compliance requirements in these areas. A strategic phased approach is generally the best approach in transitioning to a cloud model, to assess which services and assets can be moved safely and which can not , at least for the moment.
“Cloud providers and vendors already are stepping forward to address the language of this regulatory requirement for standards. New security and compliance products, as well as detailed hardening guidelines, address the need for industry-accepted control requirements or recommendations.”
Cloud Compliance: Tackling Compliance in the Cloud. (n.d.). Retrieved from https://searchsecurity.techtarget.com/feature/Cloud-Compliance-Tackling-Compliance-in-the-Cloud