7 deadly sins of cloud computing

With great power comes great responsibility

Your investment firm has moved from testing and using cloud computing in small, safe areas to wider spaces throughout your enterprise. But ask yourself, are you committing one or more of these dangerous cloud practices?

Here's the first Deadly Sin of Cloud Computing, according to a columnist at InfoWorld. Do you recognize yourself?

#1: Failing to check IDs at the door

The only secure way to log in to the cloud is through enterprise identity management systems. Though many cloud services permit just about anyone in the organization to sign themselves up, create their own IDs and passwords without registering these with the enterprise, and then connect these credentials to personal email addresses, that does not mean that IT or the business should let it happen.

"While it is easy to start out this way, failing to integrate with enterprise IMS will leave the organization open to leaks, policy violations, and ultimately the inability to secure the cloud," says John Thielens, chief security officer of Axway.

In a similar way, some companies that are deploying IaaS do so rather quickly—using self-service capabilities—to address complaints that their IT departments are slow and unresponsive. But this approach bypasses governance, allowing unguarded access to cloud servers.

"People connect to data they should never see, such as legacy project data on VMs that were never shut down," explains Stanton Jones, emerging technology analyst and cloud expert at Information Services Group.

And what if it is a customer-facing cloud service? What is the access model? "How will you integrate it to allow user sign on that is similar to, say, the single sign on model you have internally," asks Julie Talbot-Hubbard, chief information security officer for the Ohio State University.

For more:
-see the other six Deadly Sins