Managing Risk when taking the Public Cloud Route OR Managing Risk in Public Cloud Strategy

Managing Risk when taking the Public Cloud Route OR Managing Risk

The secret to a pleasant and successful experience in migrating to a Public Cloud Strategy for your enterprise is “minimizing risk while maximizing your return on investment (ROI) and reducing total cost of ownership (TCO)“. Sound familiar? Sounds like managing your retirement fund nest egg. In this article we will address few of the risk management guidelines and standard business practices to mitigate risk when going with a public Cloud Strategy or migrating your IT or business assets to the Cloud.

So, to remain competitive and be efficient, “how big of a risk is it to migrate to the cloud or go with a cloud strategy and how to mitigate it”? We will talk about various types of risks in going the public cloud route and ways you can mitigate them to a comfortable level so that you can achieve your business objectives.

The security as a risk can be addressed in terms of the following:

  • Confidentiality, Integrity and Availability.

You should carefully review the SLA’s (service level agreements) with the public Cloud provider to address your security risk concerns.

  • Question what happens if the SLA’s are not met.
  • Make note of any exception conditions in the SLA.
  • Look for penalties in case the SLA’s are not met.

NOTE – The thing about SLA’s is that it may act as deterrent for public Cloud providers from acting irresponsibly but the fact remains that if your mission critical application is on the Cloud and if it is unavailable or compromised within agreed SLA guidelines; your business could suffer loss of revenue and / or employee productivity.

Having said that, you should ask “How do I manage the risk?”. The answer is that the risk management guidelines should be along the same lines as you would expect from deploying private cloud in your own datacenter or conducting business the traditional datacenter setup with monolithic server farms.

Common sense coupled with proper governance dictates the following points to be thoroughly hashed out and well understood:

  • Check if public cloud provider has proper certified Business Continuity Plan (BCP) in place.

If not comfortable with the BCP plan then either Re-visit cloud migration plan or Build processes or incidence response plans to address them Leverage your current or traditional BCP plans.

  • Check if public cloud provider has proper certified Disaster Recovery Plan (DR) in place.

If not comfortable with the DR plan then either Re-visit cloud migration plan or Build processes or incidence response plans to address them.

Leverage your current or traditional DR plans

  • Check to see if Cloud datacenter is following standard Segregation of Duties (SOD) policies and procedures.
  • Check if public cloud provider has contract in place for breach. Typically breach contract should address cost of data loss, data integrity, downtime, customer notifications. Plus, having traditional security defenses should be in place. Look for important certifications such as SAS70, SSAE 16 and SOC 2 and SOC 3.

If not comfortable with the contract or certifications then either Re-visit cloud migration plan or Build processes or incidence response plans to address them.

  • Check public Cloud provider background.
  • Check if you have access to Cloud provider key performance indicators (KPI) to review them. Review the KPI and get a certain level of comfort before signing up.

If not comfortable with the KPI’s then either Re-visit cloud migration plan or Build processes to address the KPI’s.

  • Check if you have access to Cloud provider key risk indicators (KRI) to review them. Review the KRI and get a certain level of comfort before signing up.

If not comfortable with the KRI’s then either Re-visit cloud migration plan or Build processes to address the KRI’s.

  • Check if the Cloud provider is financially sound.

There is more visibility into publicly traded cloud provider’s financials, while there is less visibility into privately held provider’s financials.

  • Check how to get your data back if provider shuts down operations.

If not comfortable with the provider plans then either Re-visit cloud migration plan or Build processes for data recovery to address them.

  • Check what happens if your cloud provider goes bankrupt.

If not comfortable with the provider bankruptcy plans then either Re-visit cloud migration plan or Build processes to address provider bankruptcy.

  • Check if provider is using industry standard technologies and processes so that your business is not locked to a single cloud provider.

If not comfortable with the provider technologies, processes and plans then either Re-visit cloud migration plan or Build processes to address migrations.

  • Check the location of the datacenter for national or state boundaries to avoid:
  • Regulatory restrictions and
  • Performance issues

While the Cloud Strategy benefits are real and are changing how we do business AND perceive business models; the fact remains that if your business is at stake and then you have to balance the risk vs. reward equation.

In a nutshell; do your due diligence, put detailed policies, processes and controls on implementing proper checks and balances to mitigate risk to comfortable and acceptable standards in place and reap the benefits of the new paradigm, namely “Cloud”.

By Harry Sangha

———————————————

Harry is an Inventor, entrepreneur and cloud computing evangalist.  He is also the Founder of  www.cloudcreo.com a Cloud Management Platform and Appliance Factory. 

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate long term with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

Please review the guidelines before applying.

Contributors

Cloud Infographic – Wearable Tech And Preventative Healthcare

Cloud Infographic – Wearable Tech And Preventative Healthcare

Wearable Tech And Preventative Healthcare There are so many exciting new opportunities available to utilize wearable technology in the future.  Areas such as nanotechnology disease monitoring, crowdfunding to wearable accessories are some excellent examples of the potential. Estimates vary, but appear to suggest that the market will produce between $14-50 Billion over the next few years. Included below

Ten Tips For Successful Business Intelligence Implementation

Ten Tips For Successful Business Intelligence Implementation

Ten Tips for Successful Business Intelligence Implementation The cost of Business Intelligence (BI) software goes far beyond the purchase price. Time spent researching, implementing, and maintaining your BI investment can snowball quickly and mistakes are often expensive. Your time is valuable – save it by learning from other businesses’ experiences. We’ve compiled the top ten

Knots And Cloud Service Providers

Knots And Cloud Service Providers

How Do These Two Compare? In Boy Scouts, I learned how to tie knots. The quickest knot you can tie is the slipknot. It’s very effective for connecting one thing to another via the rope you have. It was used in setting up tents, mooring boats to docks temporarily and lifting your food up into

Aggregated News

Popular News Sources

Storage Considerations for SharePoint Backups

Storage Considerations for SharePoint Backups

Storage Considerations for SharePoint Backups Wednesday, October 29, 2014 @ 9:00 am/12:00pm ET. Backup and Restore of a SharePoint environment can be a complex endeavor as the product consists of multiple components running at various tiers, each with their own backup and restore requirements. In addition, SharePoint documents are stored as Binary Large Objects (BLOBs) in

OpenDNS Deployment Leads to Twenty-Fold Decrease in Malware Infections at Hamamatsu

OpenDNS Deployment Leads to Twenty-Fold Decrease in Malware Infections at Hamamatsu

Decreases in Malware Infections at Hamamatsu OpenDNS, a leading provider of cloud-delivered security, today announced that it has enabled Hamamatsu, a Japanese manufacturer of optical sensor technologies, to virtually eliminate malware infections across its U.S. Read the source article at Finance News About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the

IBM and Microsoft – What Are They Doing With The Hybrid Cloud?

IBM and Microsoft – What Are They Doing With The Hybrid Cloud?

What Are They Doing With The Hybrid Cloud? “Microsoft is committed to helping enterprise customers realize the tremendous benefits of cloud computing across their own systems, partner clouds and Microsoft Azure,” said Scott Guthrie, executive vice president,Cloud and Enterprise, Microsoft. “With this … Read the source article at CNNMoney About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized