Risk Management Approach to Exploit the Cloud
Cloud computing is a common term that has taken over the IT world because it is highly scalable, shareable and automated. It also brings savings and flexibility. Larger organisations depend on the cloud for basic infrastructure services, development platforms and, more often than not, whole applications, because it offers improved agility and lower IT costs. While using external cloud offerings is significantly cheaper, they also invest in developing their own private cloud systems. Smaller businesses, which are following suit, are buying public-cloud offerings, as they cannot spare the time, resources or finance to build their own cloud resource. These public cloud services are easy to use and good value for money. Thus, the cloud environment has permeated all corporates, big or small; cloud-free organisations are rare and in fact may not exist at all.
Undoubtedly, cloud services pose a new list of risks. Sensitive data access, the security of the third-party cloud, network protection and so on are just the tip of the iceberg, as the risks are constantly evolving. In the case of public cloud, these risks are even more pronounced. Compare, for example, telecommunications network services, where terms and conditions exist between providers and enterprises for security breaches, downtime and events of noncompliance. They are complicated, but they are well understood and abided by providers, law firms, etc. The scenario changes completely in the cloud: the geographic location of the data is obscure to both the provider and the customer, so regulatory actions are not possible. Another spin-off caused by the cloud is that cloud architecture is not updated or evolved transparently to conform to regulatory and industry standards.
Another distinctive risk-management problem faced by many enterprises is the fragmentation of data. Customers access the cloud across many platforms, dispersing their sensitive data to different platforms that often have varied security protocols. Conversely, if all the data is in one place, as it is in a highly scaled private cloud environment, it creates what is called the ‘honeyspot’: a single target for agencies or people with malevolent intentions to attack.
As cloud computing is still in its early days, a risk-management approach to exploiting the cloud has not yet clearly evolved, but there are some rough aspects that can be taken into consideration for better management, as discussed below:
Understand Your Cloud’s Need
‘Public cloud’ and ‘private cloud’ are straightforward, but there are other combined models that may provide control and opportunities. The choice can be assessed from various angles, such as the maturity of technological and organizational solutions, the type of application, specific configurations and vendor capabilities.
Mixed Cloud Strategy
Different types of workloads and different data sets have vastly varied stakes when it comes to data protection, depending on the nature of the application and the phase of the software life cycle that it supports. Public cloud can be a good option for developing and testing software, since this mostly does not involve sensitive data. Any data that has business value or includes personally identifiable customer information, however, needs the appropriate management and protection given to private data.
Organizations should establish a comprehensive risk-management approach for cloud computing that extends beyond technology solutions and the IT department. It should address transparency, risk strategy, the processes and decisions of a risk-enabled business, risk organization and governance, and so on.
Though the cloud forms an exciting development for enterprise IT, organizations need to strike the right balance between protecting data and taking advantage of more efficient and flexible technology.