Managing Risk when taking the Public Cloud Route OR Managing Risk in Public Cloud Strategy

Managing Risk

The secret to a pleasant and successful experience in migrating to a Public Cloud Strategy for your enterprise is “minimizing risk while maximizing your return on investment (ROI) and reducing total cost of ownership (TCO)“. Sound familiar? Sounds like managing your retirement fund nest egg. In this article we will address few of the risk management guidelines and standard business practices to mitigate risk when going with a public Cloud Strategy or migrating your IT or business assets to the Cloud.

So, to remain competitive and be efficient, “how big of a risk is it to migrate to the cloud or go with a cloud strategy and how to mitigate it”? We will talk about various types of risks in going the public cloud route and ways you can mitigate them to a comfortable level so that you can achieve your business objectives.

The security as a risk can be addressed in terms of the following:

  • Confidentiality, Integrity and Availability.

You should carefully review the SLA’s (service level agreements) with the public Cloud provider to address your security risk concerns.

  • Question what happens if the SLA’s are not met.
  • Make note of any exception conditions in the SLA.
  • Look for penalties in case the SLA’s are not met.

NOTE – The thing about SLA’s is that it may act as deterrent for public Cloud providers from acting irresponsibly but the fact remains that if your mission critical application is on the Cloud and if it is unavailable or compromised within agreed SLA guidelines; your business could suffer loss of revenue and / or employee productivity.

Having said that, you should ask “How do I manage the risk?”. The answer is that the risk management guidelines should be along the same lines as you would expect from deploying private cloud in your own datacenter or conducting business the traditional datacenter setup with monolithic server farms.

Common sense coupled with proper governance dictates the following points to be thoroughly hashed out and well understood:

  • Check if public cloud provider has proper certified Business Continuity Plan (BCP) in place.

If not comfortable with the BCP plan then either Re-visit cloud migration plan or Build processes or incidence response plans to address them Leverage your current or traditional BCP plans.

  • Check if public cloud provider has proper certified Disaster Recovery Plan (DR) in place.

If not comfortable with the DR plan then either Re-visit cloud migration plan or Build processes or incidence response plans to address them.

Leverage your current or traditional DR plans

  • Check to see if Cloud datacenter is following standard Segregation of Duties (SOD) policies and procedures.
  • Check if public cloud provider has contract in place for breach. Typically breach contract should address cost of data loss, data integrity, downtime, customer notifications. Plus, having traditional security defenses should be in place. Look for important certifications such as SAS70, SSAE 16 and SOC 2 and SOC 3.

If not comfortable with the contract or certifications then either Re-visit cloud migration plan or Build processes or incidence response plans to address them.

  • Check public Cloud provider background.
  • Check if you have access to Cloud provider key performance indicators (KPI) to review them. Review the KPI and get a certain level of comfort before signing up.

If not comfortable with the KPI’s then either Re-visit cloud migration plan or Build processes to address the KPI’s.

  • Check if you have access to Cloud provider key risk indicators (KRI) to review them. Review the KRI and get a certain level of comfort before signing up.

If not comfortable with the KRI’s then either Re-visit cloud migration plan or Build processes to address the KRI’s.

  • Check if the Cloud provider is financially sound.

There is more visibility into publicly traded cloud provider’s financials, while there is less visibility into privately held provider’s financials.

  • Check how to get your data back if provider shuts down operations.

If not comfortable with the provider plans then either Re-visit cloud migration plan or Build processes for data recovery to address them.

  • Check what happens if your cloud provider goes bankrupt.

If not comfortable with the provider bankruptcy plans then either Re-visit cloud migration plan or Build processes to address provider bankruptcy.

  • Check if provider is using industry standard technologies and processes so that your business is not locked to a single cloud provider.

If not comfortable with the provider technologies, processes and plans then either Re-visit cloud migration plan or Build processes to address migrations.

  • Check the location of the datacenter for national or state boundaries to avoid:
  • Regulatory restrictions and
  • Performance issues

While the Cloud Strategy benefits are real and are changing how we do business AND perceive business models; the fact remains that if your business is at stake and then you have to balance the risk vs. reward equation.

In a nutshell; do your due diligence, put detailed policies, processes and controls on implementing proper checks and balances to mitigate risk to comfortable and acceptable standards in place and reap the benefits of the new paradigm, namely “Cloud”.

By Harry Sangha

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society’s most important functions, teaching can still seem antiquated at times. Many schools still function similarly to how they did five or 10 years ago, which is surprising considering the amount of technical innovation we’ve seen in the past decade. Education is an industry ripe for innovation…

5% Of Companies Have Embraced The Digital Innovation Fostered By Cloud Computing

5% Of Companies Have Embraced The Digital Innovation Fostered By Cloud Computing

Embracing The Cloud We love the stories of big complacent industry leaders having their positions sledge hammered by nimble cloud-based competitors. Saleforce.com chews up Oracle’s CRM business. Airbnb has a bigger market cap than Marriott. Amazon crushes Walmart (and pretty much every other retailer). We say: “How could they have not seen this coming?” But, more…

What Futuristic Tech Will You See In Your Lifetime?

What Futuristic Tech Will You See In Your Lifetime?

Futuristic Tech The world and what people can do is increasingly being driven by technology. It has already shaped the world we live in, but over the next few decades it is set to shape the world in ways that we can barely imagine. There have already been some great leaps in IoT technology recently,…

The Lighter Side Of The Cloud – Hiding Spots

The Lighter Side Of The Cloud – Hiding Spots

By David Fletcher Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via@cloudtweaks) to our original comic sources is greatly appreciated.

Recent Articles - Posted by
Fintech Exploiting AI and Blockchain Technology

Fintech Exploiting AI and Blockchain Technology

AI and Blockchain Technology The field of artificial intelligence (AI) had progressed rapidly in the last ten years, though first recognized in the 1950s. From autonomous motor vehicles to digital personal assistants, the technology is making its way into a variety of industries, enabling better task automation, language processing, and data analytics. But more recently,…

Four Keys For Telecoms Competing In A Digital World

Four Keys For Telecoms Competing In A Digital World

Competing in a Digital World Telecoms, otherwise largely known as Communications Service Providers (CSPs), have traditionally made the lion’s share of their revenue from providing pipes and infrastructure. Now CSPs face increased competition, not so much from each other, but with digital service providers (DSPs) like Netflix, Google, Amazon, Facebook, and Apple, all of whom…

Cloud Services Providers – Learning To Keep The Lights On

Cloud Services Providers – Learning To Keep The Lights On

The True Meaning of Availability What is real availability? In our line of work, cloud service providers approach availability from the inside out. And in many cases, some never make it past their own front door given how challenging it is to keep the lights on at home let alone factors that are out of…

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…

Cloud Infographic – Big Data Predictions By 2023

Cloud Infographic – Big Data Predictions By 2023

Big Data Predictions By 2023 Everything we do online from social networking to e-commerce purchases, chatting, and even simple browsing yields tons of data that certain organizations collect and poll together with other partner organizations. The results are massive volumes of data, hence the name “Big Data”. This includes personal and behavioral profiles that are stored, managed, and…

4 Different Types of Attacks – Understanding the “Insider Threat”

4 Different Types of Attacks – Understanding the “Insider Threat”

Understanding the “Insider Threat”  The revelations that last month’s Sony hack was likely caused by a disgruntled former employee have put a renewed spotlight on the insider threat. The insider threat first received attention after Edward Snowden began to release all sorts of confidential information regarding national security. While many called him a hero, what…

The Internet of Things Lifts Off To The Cloud

The Internet of Things Lifts Off To The Cloud

The Staggering Size And Potential Of The Internet of Things Here’s a quick statistic that will blow your mind and give you a glimpse into the future. When you break that down, it translates to 127 new devices online every second. In only a decade from now, every single vehicle on earth will be connected…

Do Small Businesses Need Cloud Storage Service?

Do Small Businesses Need Cloud Storage Service?

Cloud Storage Services Not using cloud storage for your business yet? Cloud storage provides small businesses like yours with several advantages. Start using one now and look forward to the following benefits: Easy back-up of files According to Practicalecommerce, it provides small businesses with a way to back up their documents and files. No need…

Why Small Businesses Need A Business Intelligence Dashboard

Why Small Businesses Need A Business Intelligence Dashboard

The Business Intelligence Dashboard As a small business owner you would certainly know the importance of collecting and analyzing data pertaining to your business and transactions. Business Intelligence dashboards allow not only experts but you also to access information generated by analysis of data through a convenient display. Anyone in the company can have access…

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Cloud Compliance  Regulatory compliance is an issue that has not only weighed heavily on the minds of executives, security and audit teams, but also today, even end users. Public cloud adds more complexity when varying degrees of infrastructure (depending on the cloud model) and data fall out of the hands of the company and into…