We know that cloud computing is “the new normal” just like virtualization was in the past. And we also know that the adoption of cloud computing by your organization can come with a series of benefits including:
- Reduced IT costs: You can reduce both CAPEX and OPEX when moving to the cloud.
- Scalability: In this fast changing world it is important to be able to scale up or down your solutions depending on the situation and your needs without having to purchase or install hardware or upgrades all by yourself.
- Business continuity: when you store data in the cloud, you ensure it is backed-up and protected which in turn helps with your continuity plan cause in the event of a crisis you’ll be able to minimize any downtime and loss of productivity.
- Collaboration: Cloud services allow you share files and communicate with employees and third-parties in this highly globalized world and in a timely manner.
- Flexibility: Cloud computing allows employees to be more flexible in their work practices cause it’s simpler to access data from home or virtually any place with an internet connection.
- Automatic updates: When consuming SaaS you’ll be using the latest version of the product avoiding the pain and expensive costs associated with software or hardware upgrades.
But once you ask yourself: what can possibly go wrong? You open your eyes to a “cloudy weather” where you must plan, identify, analyze, manage and control the risks associated with moving your data and operations to the cloud.
To help you with the identification process, here is a list of risks that your organization can face once you start or continue the transition to the cloud:
- Privacy agreement and service level agreement: You must understand the responsibilities of your cloud provider, as well as your own obligations. In some situations, is your obligation to do configure correctly the service in order to enable the best SLA possible.
- Regulatory compliance: Remember that although your data is residing on a provider’s cloud, you are still accountable to your customers for any security and integrity issues that may affect your data and therefore you must know the standards and procedures your provider has in place to help you mitigate your risk.
- Location of data: Know the location of your data and which privacy and security laws will apply to it cause it’s possible that your organization’s rights may get marginalized.
- Data privacy and security: Once you host confidential data in the cloud you are transferring a considerable amount of your control over data security to the provider. Ask who has access to your sensitive data and what physical and logical controls does the provider use to protect your information.
- Data availability and business continuity: How is your organization and the provider prepared to deal with a possible loss of internet connectivity? Weigh your tolerance level for unavailability of your data and services against the uptime SLA.
- Data loss and recovery: In a disaster scenario, how is your provider going to recover your data and how long will it take? Be sure to know your cloud provider’s disaster recovery capabilities and if and how they have been tested.
- Record retention requirements: If your business is subject to record retention requirements, how well is the cloud provider prepared to suite your needs?
- Environmental security: Cloud computing data centers are environments with a huge concentration of computing power, data, and users, which in turn creates a greater attack surface for bots, malware, brute force attacks, etc. Ask: how well prepared is the provider to protect your assets through access controls, vulnerability assessment, and patch and configuration management controls?
- Provider lockdown: What is your exit strategy in case your provider can no longer meet your requirements? Can you move your data and operations to another provider’s cloud? Are there technical issues associated with such a change?
Remember we are talking about your data and business here and once you transition to the cloud you are still accountable and responsible for what happens with it. And yes, moving to the cloud comes with a series of benefits and rewards if the associated risks are identified and well managed.
Blog contributed by Carlos Mendible ( Ex-SogetiLabs Member & Sogeti Employee)