Managing Risk when taking the Public Cloud Route OR Managing Risk in Public Cloud Strategy

Managing Risk when taking the Public Cloud Route OR Managing Risk

The secret to a pleasant and successful experience in migrating to a Public Cloud Strategy for your enterprise is “minimizing risk while maximizing your return on investment (ROI) and reducing total cost of ownership (TCO)“. Sound familiar? Sounds like managing your retirement fund nest egg. In this article we will address few of the risk management guidelines and standard business practices to mitigate risk when going with a public Cloud Strategy or migrating your IT or business assets to the Cloud.

So, to remain competitive and be efficient, “how big of a risk is it to migrate to the cloud or go with a cloud strategy and how to mitigate it”? We will talk about various types of risks in going the public cloud route and ways you can mitigate them to a comfortable level so that you can achieve your business objectives.

The security as a risk can be addressed in terms of the following:

  • Confidentiality, Integrity and Availability.

You should carefully review the SLA’s (service level agreements) with the public Cloud provider to address your security risk concerns.

  • Question what happens if the SLA’s are not met.
  • Make note of any exception conditions in the SLA.
  • Look for penalties in case the SLA’s are not met.

NOTE – The thing about SLA’s is that it may act as deterrent for public Cloud providers from acting irresponsibly but the fact remains that if your mission critical application is on the Cloud and if it is unavailable or compromised within agreed SLA guidelines; your business could suffer loss of revenue and / or employee productivity.

Having said that, you should ask “How do I manage the risk?”. The answer is that the risk management guidelines should be along the same lines as you would expect from deploying private cloud in your own datacenter or conducting business the traditional datacenter setup with monolithic server farms.

Common sense coupled with proper governance dictates the following points to be thoroughly hashed out and well understood:

  • Check if public cloud provider has proper certified Business Continuity Plan (BCP) in place.

If not comfortable with the BCP plan then either Re-visit cloud migration plan or Build processes or incidence response plans to address them Leverage your current or traditional BCP plans.

  • Check if public cloud provider has proper certified Disaster Recovery Plan (DR) in place.

If not comfortable with the DR plan then either Re-visit cloud migration plan or Build processes or incidence response plans to address them.

Leverage your current or traditional DR plans

  • Check to see if Cloud datacenter is following standard Segregation of Duties (SOD) policies and procedures.
  • Check if public cloud provider has contract in place for breach. Typically breach contract should address cost of data loss, data integrity, downtime, customer notifications. Plus, having traditional security defenses should be in place. Look for important certifications such as SAS70, SSAE 16 and SOC 2 and SOC 3.

If not comfortable with the contract or certifications then either Re-visit cloud migration plan or Build processes or incidence response plans to address them.

  • Check public Cloud provider background.
  • Check if you have access to Cloud provider key performance indicators (KPI) to review them. Review the KPI and get a certain level of comfort before signing up.

If not comfortable with the KPI’s then either Re-visit cloud migration plan or Build processes to address the KPI’s.

  • Check if you have access to Cloud provider key risk indicators (KRI) to review them. Review the KRI and get a certain level of comfort before signing up.

If not comfortable with the KRI’s then either Re-visit cloud migration plan or Build processes to address the KRI’s.

  • Check if the Cloud provider is financially sound.

There is more visibility into publicly traded cloud provider’s financials, while there is less visibility into privately held provider’s financials.

  • Check how to get your data back if provider shuts down operations.

If not comfortable with the provider plans then either Re-visit cloud migration plan or Build processes for data recovery to address them.

  • Check what happens if your cloud provider goes bankrupt.

If not comfortable with the provider bankruptcy plans then either Re-visit cloud migration plan or Build processes to address provider bankruptcy.

  • Check if provider is using industry standard technologies and processes so that your business is not locked to a single cloud provider.

If not comfortable with the provider technologies, processes and plans then either Re-visit cloud migration plan or Build processes to address migrations.

  • Check the location of the datacenter for national or state boundaries to avoid:
  • Regulatory restrictions and
  • Performance issues

While the Cloud Strategy benefits are real and are changing how we do business AND perceive business models; the fact remains that if your business is at stake and then you have to balance the risk vs. reward equation.

In a nutshell; do your due diligence, put detailed policies, processes and controls on implementing proper checks and balances to mitigate risk to comfortable and acceptable standards in place and reap the benefits of the new paradigm, namely “Cloud”.

By Harry Sangha

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Recent

How M2M Differs From IoT Internet of Things

How M2M Differs From IoT Internet of Things

What Is M2M Machine To Machine? When it comes to communications between machines, the terms Machine to Machine (M2M) and the Internet of Things (IoT) are seemingly similar to each other. In fact, there is a very strong connection between both terms which is why they are often used as the same. However, that is…

Cloud Infographic – Top Vulnerable Applications

Cloud Infographic – Top Vulnerable Applications

Top Vulnerable Applications  As you use the Internet on a daily basis, you probably come across cyber security topics, but rarely glance at them twice. After all, cyber security threats don’t concern you, right? Well, that’s not exactly true. Cyber attacks are more widespread than you can imagine and they may be targeting your devices as…

The Lighter Side Of The Cloud – Whatever Happened To Alone Time?

The Lighter Side Of The Cloud – Whatever Happened To Alone Time?

By David Fletcher Are you looking to supercharge your Newsletter, Powerpoint presentation, Social media campaign or Website? Our universally recognized tech related comics can help you. Contact us for information on our commercial licensing rates.  About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information.…

MOST RECENT - Posted by

Popular Archives

Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most Cloud computing is rapidly revolutionizing the way we do business. Instead of being a blurry buzzword, it has become a facet of everyday life. Most people may not quite understand how the cloud works, but electricity is quite difficult to fathom as well. Anyway, regardless of…

Sponsors

The Many Hats Of Today’s IT Managers

The Many Hats Of Today’s IT Managers

The Many Hats of IT Managers In years past, the IT department of most large organizations was much like a version of Middle Earth: a mysterious nether world where people who seemed infinitely smarter than the rest of us bustled around, speaking and typing languages that appeared indecipherable, yet, which made our world work. They…

Selling Your Business To Your Employees

Selling Your Business To Your Employees

Mobility For Your Employees It may seem a radical notion, the idea of selling your business to the people who work for you, but this is the era in which we now work. Employees of all levels are all incredibly aware of their options when it comes to mobility and employability. This doesn’t mean that…

Technology Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7 200px-KPMG
Advertising ROI Plans

Established in 2009

CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

CloudTweaks Comic Library

Advertising