Concern, Risk, and Solution before Using Cloud Computing Especially for Business Companies

Abstract

       To believe that a company, financial management is critical and necessary because an exemplary process has been carried out in a company with an excellent financial arrangement. A company needs fast, precise, and accurate information. With the development of technology, there have been many business life changes that make activities more manageable, cloud computing. With cloud computing, many benefits are received, such as cost, more organized data storage, companies can help applications as needed and not pay for what they do not use. The purpose of this article is to explain some of the concerns and risks that can be considered and prevented before entering cloud computing, such as the many cyber attacks that make it easier to hack data so that data security can become a problem—paying attention to the rules the cloud has created and what regulation is needed to the company itself.

Keywords: cloud computing, business, concern

Introduction

       People are competing to have the best business in the business world to adapt to technologies’ development. Cloud computing fills the spot. Cloud computing is Internet-based infrastructure development (cloud) and combines the use and utilization of computer technology (computing). Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. National Institute of Science and Technology. (2011).

       According to Sullivan on 2009 in ‘The Definitive Guide to Cloud Computing’, cloud computing is an information technology service provider, giving flexibility to the users with virtualization server, extensive scalability, and service management. This information technology service provider could make it easier for an organization to run its business processes.

       The main reason businesses are created and developed is to make a living, by reducing outcome and increasing the company’s income. Before cloud computing came to existence, the Business application had one to one mapping, and the physical server upon which it is installed, each of the physical server needed a high-end server, energy cost for the power and cooling, also workforce to maintain the server, and operating system cost although only a fraction of the server is being used.

       For instance, if there are three production apps, three physical servers are required. Every time a new application is required, another physical server is needed to procure. Every application has different dependencies, a different version of the framework installed, and a different operating system. However, the server only needs a fraction piece. The only way to end it is by buying another physical server. This can become unwieldy and very expensive for organizations. When virtualization came to existence, users can safely and securely run multiple apps on a single physical server. Each application thinks it runs on a dedicated physical server with its dedicated processor, memory, drive space, etc. In reality, they are running on the same physical server and a dedicated virtual machine.

       With the cloud it’s pay as you go, you only pay for what you use. For example, if there’s a lot of demand for your application and you use a lot of cloud resources like storage and computing power you pay more for things you used.

       Cloud ensures automatic updates, by paying a small monthly fee, security patches and updates are automatically installed offsite by the service provider. One of the advantages of the cloud is team members could access, edit, and share files anytime and from anywhere(Google drive, spreadsheet, etc.)

       As written in the National Institute of Science and Technology, cloud computing is an On-demand self-service. A customer could easily procure, configure and use cloud resources and provider as needed automatically without requiring human interaction with each service provider. Cloud provides a lot of scalability and flexibility options. The scale of cloud resources can be scaled up and down as the user needed. For example, A company is launching a new product line. The company needs more cloud resources, it can scale up and down cloud resources and set the threshold limits and automate, adding the storage capacity.

Concern and Solution of Cloud Computing

       Despite many benefits, users could get from cloud computing, some conditions needed to be concerned: loss of cloud data and services, data security, compliance and legal risks, and cost concern.

  • Loss of cloud data and services is one of the main threats, to be able to run a business, data is essential. Quoted from Seagate.com, Loss of Data in the cloud services and data could be from the system: couldn’t access data from the system or a computer backup that was previously functioning, virus and application bug, failure from an update, human error: accidental deletion of files, adverse environmental condition: discharge of electronic surge, overheating, and device failure: physical and technical damage. Fires, floods and natural disasters are unpredictable; therefore, preparation for physical disasters is necessary.There are several ways to prevent and overcome data loss from Seagate.com :
  • Back up regularly and don’t forget to be tested and verified.
  • Upgrading the device sometimes makes the device overheating and sometimes an error, so before updating, it’s better to have provided a backup.
  • Make a backup plan, such as a file that contains all the data backups that have ever been done.
  • Setting up alternative devices.
  • Use firewalls and antivirus.

       It is important to choose the best and well-known cloud service provider to keep the data safe. Make sure the reputation of the cloud service provider is good and will be better if the cloud have SLA(Service Level Agreement) as most of cloud service provider has this service.

  • Data security. Putting trust of data store on the business, employees and customer does not rule out the possibility of not being hacked as cyber-attacks are happening worldwide. For instance, from Pragimtech: in Bitdefender webpage, it is shown real-time cyber threat map, telling the fact every few milliseconds there is an attempted cyberattack.

Below is the condition of Indonesia’s cybersecurity situation:

According to Forst and Sullivan on Microsoft, the potential economic losses in Indonesia caused by cybersecurity incident could reach a US $ 34.2 billion value, equivalent to 3.7 per cent of Indonesia’s total GDP of US $932 billion. Not only financial causes but also, this cyberattack has made companies delaying their digital transformation. Declaration from Jokowi on “making Indonesia 4.0”, artificial intelligence is the front line on cybersecurity fortress, AI’s ability to analyze and respond quickly to a massive amount of data more and more needed in the world frequency, scale, and sophistication cyberattack is expanding.

There is no proper and exact way to tell that the cloud is fully secured, but by practising encryption, two-factor authentication, auditing, reviewing and rotating access keys and credentials can reduce the security risk to some extent. More than 90% cyberattacks can be prevented by maintaining the best basic practices( encryption, two-factor authentication, auditing, reviewing and rotating access keys and credentials, Anti-malware) could increase the ability to front cyberattacks.

  • Compliance and legal risks. Dealing with any financial data, healthcare data, credit card data or any regulated data, by law, the organization is responsible for protecting those data, it also needs to know where the information is stored, who is allowed to access it, and the measures that are put in place to protect it(Pragim Technologies)

       There are many local and international regulations like GDPR, HIPAA etc. Find an organization that make sure they have done their job in compliance cloud standardization and will be responsible if the cloud service provider fails to local and international regulations, for instance. There is dropbox, reported by www.dropbox.com, Dropbox has certificated data store, system, application, employees, and owner process by a series of the audit by EY CertifyPoint. Dropbox keeps on being comprehensive on managing and improve physical, technical and legal control. The auditor of Dropbox(EY CertifyPoint) got ISO 27001 accreditation from Raad Voor Accreditation.

Dropbox also got ISO 27017(cloud security) and ISO 27018 certificate which explains the responsibility guide that explains some security, privacy, and compliance condition that could be overcome by dropbox and customer.

  • ISO 27701 is being privacy information management system of dropbox business dan dropbox education.
  • Dropbox also has Social Organisation Control(SOC1, SOC2, SOC3)services.
  • Dropbox Business and Education have received CSA STAR level 2 certificate and ratification.
  • Dropbox will sign a business associate agreement with the customer who needed to obey HIPAA and HITECH. The customer who is interested in asking the document could contact the sales team of dropbox.
  • Dropbox obeys Privacy Shield EU-AS and privacy shield swiss-AS.
  • General Data Protection Regulation2016/679 is a regulation from Uni Eropa presenting new and comprehensive conditions applied to companies like dropbox.

 

  • Cost concern, in general, the cloud provides pay as you go model which give flexibility to the users on how they want to use it. Despite the self-service, users don’t know how much they have spent before getting a bill, it may be low price, but still can be a high price too, it is better to choose cloud service provider platform that provides cost calculator to get an estimate how much the user will be paying. (Pragim Technologies). Create alerts that notify cloud spending, it’s always good to keep these risks in mind before moving to the cloud.

 

  • There are virtual machine and container in virtualization. Some business companies don’t pay any attention to the differences between these two virtual machines, which raises more overhead costs than container as the container doesn’t require it’s own operating system. Each container packages applications code and its dependencies, if there are three applications, in a single server, three containers created. Each application will think it is running on a dedicated operating system, and it dedicated server hardware. Still, in reality, all the container applications are sharing the same host operating systems and hardware.

       In case of virtual machines, admin time is required to install security practice and keep up to date host operating system and the guest operating systems on all the virtual machines. For a virtual machine, users need to pay the host and guest operating system of all the virtual machine.

In case of containers no matter how many containers on the server, there is only one host operating system that demands admin time. In container, there’s only one host operating system to be paid.

Conclusion

       With cloud computing, businesses can become more agile and reduce costs because it is instantly scaled up and down as the user needed.Cloud computing is something that is needed to be considered by small to big companies as the storage data and files are arranged by the company itself. While cloud computing has provided plentiful and considerable benefits, users can be cautious with risks that might reduce the function from the cloud service provider and make the user inconvenience would not waste any time as it is for the business to work well.

References :

Kelly - Komisi 1 - B2024