Thursday, August 19, 2010

The Risks of Cloud Computing

As we emerge from the economic downturn, more and more companies are considering “cloud computing” solutions as a way to keep information technology costs in control.  However, some companies are fearful of the unknown aspects of managing information within the cloud.  These fears may be justified, but they can certainly be alleviated by conducting a thorough risk assessment and vendor due diligence exercise prior to venturing into the cloud.

It all starts with what the company is looking to achieve through cloud computing and whether the investment is worth the risk.  For example, will the application hosted in the cloud be customer facing and subject to strict regulatory standards?  If so, then the risk assessment should include the probability and impact of events such as a data breach or unplanned downtime.

Once the risk assessment has been completed and the investment decision has been made, then a comprehensive due diligence exercise should be conducted.  Some vendors may suggest simply relying on their SAS 70 report from their external auditing firm rather than performing a due diligence exercise.  While SAS 70 reports are useful, they are not specific to the relationship between the two companies.  It is imperative that the following areas are examined in relation to a company’s current information security policies and overall operating expectations.

  1. Organizational and Human Resource Security

  2. Access Control

  3. Asset Management

  4. Physical and Environmental Security

  5. Operations and Change Management

  6. Disaster Recovery and Business Continuity

  7. Privacy

  8. Regulatory Compliance


Like any other partnership or outsourcing agreement, the time to address potential risks and issues with cloud computing is at the very beginning of the relationship.  By doing so, both the company and the vendor will benefit from the opportunity to understand each other’s expectations.  It will also serve as the foundation for a successful cloud computing solution.

If your company would like to learn more about performing a cloud computing risk assessment and due diligence exercise, email us at NavigateSuccessfully@WheelhouseAdvisors.com.

Posted by at
Labels: , ,

1 comment:

  1. Janice Taylor-GainesAugust 19, 2010 at 4:34 AM

    Great article highlighting the need for everyone to have a much higher computer/data security awareness. Everyone needs to be a mini-Security Officer today. Check a (free) blog, "The Business-Technology Weave" (can Google to it) - it reflects what this article is saying. The majority of breaches are due to human error, therefore awareness and common sense are key, in supporting all necessary best practices. The blog author also has a book we use at work, "I.T. WARS" (you can Google that too). It has a great Security chapter, and others that treat security. Keep security front and center – a pet concern of mine! Highly recommended. Great stuff.

    ReplyDelete

Subscribe to: Post Comments (Atom)