This module raises awareness of the information risks and security controls associated with cloud computing.
Cloud computing is a strong and still growing part of the IT industry. It’s a hit!
The relative novelty of cloud computing puts naïve managers, staff and professionals at a disadvantage: without some appreciation of the technology and the commercial/business context, the information risks and especially the security and other controls aren’t exactly obvious. Information security (in the broadest sense – not just IT or cybersecurity) is a major concern with cloud computing, a source of aggravation and costs for the unaware.
In adopting commercial cloud services, we are implicitly handing over a substantial part of the control and security of our information to the Internet and cloud service providers. In fact, we are literally passing to them our valuable information. If the suppliers turn out to be incapable or incompetent at providing their contracted services, securing our data and protecting our interests, it is entirely possible to wipe out the advantages of cloud computing, and then some. Likewise if our internal systems and networks are compromised, somebody screws up, or if the complex technology fails to perform adequately for some other reason. Whatever the cause, ultimately we are accountable for our decision to adopt the cloud if things don’t go to plan. We may outsource huge parts of the service provision but we’re left holding significant risks.
- Introduce and outline cloud computing, providing general context and background information (e.g. explaining why so many organizations are eagerly adopting it) with as little techno-babble as we can get away with;
- Inform workers about the information risk and security issues and concerns relating to or arising from cloud computing (e.g. the organization’s partial loss of control over its information), plus the business benefits (e.g. reduced costs, greater resilience and flexibility, plus access to cloud specialists and cutting-edge technology). We’re promoting a balanced view;
- Encourage those considering, specifying, evaluating, contracting for, using or managing cloud computing to identify, analyze and address the information risks, typically through appropriate controls that secure the business benefits as much as the data;
- Promote information risk and security management as a business enabler, without which cloud computing would be unacceptably risky.
Think about your learning objectives in relation to cloud security. What are the key messages you would you most like to put across in this module? What are your organization’s most pressing concerns? How does cloud fit into your business, IT and data/systems architectures and strategies? Customize, elaborate on and add to the awareness materials accordingly.
Cloud security awareness
This awareness and training module covers the information risk, security and privacy aspects of cloud computing.