The advantages of cloud computing are frequently touted as cost-efficient, reliable, manageable, and more secure than legacy computing. Yet cloud computing possesses security risks despite it being more secure than legacy computing. And the security disadvantages of cloud computing remain worrisome.
Six Security Disadvantages of Cloud Computing:
- Loss of Control: The enterprise’s loss of control in enhancing the network’s security is the most significant disadvantage of cloud computing security. The responsibility of securing the network is shared between the cloud service provider (CSP) and the enterprise. Depending on which server model an enterprise uses, the enterprise may have little to almost no control over the cloud security. Infrastructure-as-a-Service (IaaS) allows the enterprise to have the most control as the CSP only provides the infrastructure. It falls under the enterprise’s jurisdiction to build the remainder of the stack and maintain its security. A stack built, operated, and managed entirely by the CSP is known as the cloud service offering, Software-as-a-Service (SaaS). The enterprise has the least amount of control over the cloud security in a SaaS environment. Enterprises need to review the CSP’s service level agreement (SLA) to understand its security obligations and to identify gaps in security coverage.
- Vendor Lock-in: Describes the “an anticipated fear of difficulty in switching from one alternative to another.” Lock-in often happens when enterprises neglect to read the CSP’s SLA.
- Data Loss: Can occur via a natural disaster or company error.
- Insider Theft: When an employee intentionally steals data with mal-intent.
- Data Breaches: Forcepoint lists consequences of data breaches in the cloud in its white paper, “Deploying and Managing Security in the Cloud.” It states that “while cloud providers generally have better security capabilities than most organizations and suffer fewer data breaches as a result, a successful data breach can open an organization to stiff financial penalties, regulatory fines, loss of customer confidence, and declining competitive market positioning, among other significant consequences.”
- Unsecured Application Programming Interfaces (APIs): The open APIs are readily exploitable as “CSPs expose a set of application programming interfaces (APIs) that customers use to manage and interact with cloud services (also known as the management plane).”