Managing Risk when taking the Public Cloud Route OR Managing Risk in Public Cloud Strategy

Managing Risk when taking the Public Cloud Route OR Managing Risk

The secret to a pleasant and successful experience in migrating to a Public Cloud Strategy for your enterprise is “minimizing risk while maximizing your return on investment (ROI) and reducing total cost of ownership (TCO)“. Sound familiar? Sounds like managing your retirement fund nest egg. In this article we will address few of the risk management guidelines and standard business practices to mitigate risk when going with a public Cloud Strategy or migrating your IT or business assets to the Cloud.

So, to remain competitive and be efficient, “how big of a risk is it to migrate to the cloud or go with a cloud strategy and how to mitigate it”? We will talk about various types of risks in going the public cloud route and ways you can mitigate them to a comfortable level so that you can achieve your business objectives.

The security as a risk can be addressed in terms of the following:

  • Confidentiality, Integrity and Availability.

You should carefully review the SLA’s (service level agreements) with the public Cloud provider to address your security risk concerns.

  • Question what happens if the SLA’s are not met.
  • Make note of any exception conditions in the SLA.
  • Look for penalties in case the SLA’s are not met.

NOTE – The thing about SLA’s is that it may act as deterrent for public Cloud providers from acting irresponsibly but the fact remains that if your mission critical application is on the Cloud and if it is unavailable or compromised within agreed SLA guidelines; your business could suffer loss of revenue and / or employee productivity.

Having said that, you should ask “How do I manage the risk?”. The answer is that the risk management guidelines should be along the same lines as you would expect from deploying private cloud in your own datacenter or conducting business the traditional datacenter setup with monolithic server farms.

Common sense coupled with proper governance dictates the following points to be thoroughly hashed out and well understood:

  • Check if public cloud provider has proper certified Business Continuity Plan (BCP) in place.

If not comfortable with the BCP plan then either Re-visit cloud migration plan or Build processes or incidence response plans to address them Leverage your current or traditional BCP plans.

  • Check if public cloud provider has proper certified Disaster Recovery Plan (DR) in place.

If not comfortable with the DR plan then either Re-visit cloud migration plan or Build processes or incidence response plans to address them.

Leverage your current or traditional DR plans

  • Check to see if Cloud datacenter is following standard Segregation of Duties (SOD) policies and procedures.
  • Check if public cloud provider has contract in place for breach. Typically breach contract should address cost of data loss, data integrity, downtime, customer notifications. Plus, having traditional security defenses should be in place. Look for important certifications such as SAS70, SSAE 16 and SOC 2 and SOC 3.

If not comfortable with the contract or certifications then either Re-visit cloud migration plan or Build processes or incidence response plans to address them.

  • Check public Cloud provider background.
  • Check if you have access to Cloud provider key performance indicators (KPI) to review them. Review the KPI and get a certain level of comfort before signing up.

If not comfortable with the KPI’s then either Re-visit cloud migration plan or Build processes to address the KPI’s.

  • Check if you have access to Cloud provider key risk indicators (KRI) to review them. Review the KRI and get a certain level of comfort before signing up.

If not comfortable with the KRI’s then either Re-visit cloud migration plan or Build processes to address the KRI’s.

  • Check if the Cloud provider is financially sound.

There is more visibility into publicly traded cloud provider’s financials, while there is less visibility into privately held provider’s financials.

  • Check how to get your data back if provider shuts down operations.

If not comfortable with the provider plans then either Re-visit cloud migration plan or Build processes for data recovery to address them.

  • Check what happens if your cloud provider goes bankrupt.

If not comfortable with the provider bankruptcy plans then either Re-visit cloud migration plan or Build processes to address provider bankruptcy.

  • Check if provider is using industry standard technologies and processes so that your business is not locked to a single cloud provider.

If not comfortable with the provider technologies, processes and plans then either Re-visit cloud migration plan or Build processes to address migrations.

  • Check the location of the datacenter for national or state boundaries to avoid:
  • Regulatory restrictions and
  • Performance issues

While the Cloud Strategy benefits are real and are changing how we do business AND perceive business models; the fact remains that if your business is at stake and then you have to balance the risk vs. reward equation.

In a nutshell; do your due diligence, put detailed policies, processes and controls on implementing proper checks and balances to mitigate risk to comfortable and acceptable standards in place and reap the benefits of the new paradigm, namely “Cloud”.

By Harry Sangha

———————————————

Harry is an Inventor, entrepreneur and cloud computing evangalist.  He is also the Founder of  www.cloudcreo.com a Cloud Management Platform and Appliance Factory. 

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

What is the 12/12 Program?

This program is designed to better handle the thousands of requests we receive from people looking to submit articles. The 12/12 program is the commitment of 12 articles delivered over a 12-month period.  

Wait! What if I just want to submit one article?

Our popular pay as you go sponsorship program provides the flexibility to submit as you wish and is designed for all budgets.

Contributors

Cloud Infographic – Wearable Tech And Preventative Healthcare

Cloud Infographic – Wearable Tech And Preventative Healthcare

Wearable Tech And Preventative Healthcare There are so many exciting new opportunities available to utilize wearable technology in the future.  Areas such as nanotechnology disease monitoring, crowdfunding to wearable accessories are some excellent examples of the potential. Estimates vary, but appear to suggest that the market will produce between $14-50 Billion over the next few years. Included below

Ten Tips For Successful Business Intelligence Implementation

Ten Tips For Successful Business Intelligence Implementation

Ten Tips for Successful Business Intelligence Implementation The cost of Business Intelligence (BI) software goes far beyond the purchase price. Time spent researching, implementing, and maintaining your BI investment can snowball quickly and mistakes are often expensive. Your time is valuable – save it by learning from other businesses’ experiences. We’ve compiled the top ten

Knots And Cloud Service Providers

Knots And Cloud Service Providers

How Do These Two Compare? In Boy Scouts, I learned how to tie knots. The quickest knot you can tie is the slipknot. It’s very effective for connecting one thing to another via the rope you have. It was used in setting up tents, mooring boats to docks temporarily and lifting your food up into

Big Data

To Have and Have Not: Big Data Initiatives In Developing Countries

To Have and Have Not: Big Data Initiatives In Developing Countries

Big Data Initiatives In Developing Countries The poor of the developing countries are becoming increasingly connected, to the point where they too are part of the Big Data revolution that’s happening across the globe. It didn’t come with laptops, though, as some supposed it would. Whereas it costs a fortune to connect broadband to a

Big Data In Your Garden: Initiatives For Better Understanding Nature

Big Data In Your Garden: Initiatives For Better Understanding Nature

Big Data in Your Garden Big Data and IoT initiatives are springing up all across the globe, making cities, protesters–and just about everything else–smarter. However, thus far there’s been little attention paid to the interactions between these bizarre technologies and living things other than humans. Biology, that is, human biology is one field where Big

Who Holds the Key to the City: Big Data and City Management

Who Holds the Key to the City: Big Data and City Management

Big Data and City Management Cities like New York, Madrid, and especially Rio de Janeiro are augmented with Big Data-powered initiatives that range from combating crime with predictive analytics (New York & Madrid) to providing real-time data for improved management. Although Big Data is no panacea and is mainly used in conjunction with a greater

Internet of Things

Where’s the Capital of the Internet of Things?

Where’s the Capital of the Internet of Things?

Where’s the Capital? We all know the capitals of fashion are London, New York and Paris, while the capital of film is Hollywood (or Bollywood!) – but what’s the new capital of the internet? Specifically, the internet of things? The answer – according to new research by Ozy – might surprise you. It’s not Tokyo, Seoul,

Smart Cities – How Big Data Is Changing The Power Grid

Smart Cities – How Big Data Is Changing The Power Grid

Smart Cities And Big Data As Anthony Townsend argues in his SMART CITIES, even though the communications industry has changed beyond recognition since its inception, the way we consume power has remained stubbornly anachronistic. The rules of physics are, of course, partially to blame, for making grid networks harder to decentralize, as opposed to communication

Aggregated News

Popular News Sources

New Funding For Acumatica ERP Cloud Business – $13 Million Invested

New Funding For Acumatica ERP Cloud Business – $13 Million Invested

Acumatica ERP Cloud Business Acumatica, a well known ERP cloud services company has raised over $13 millions in new funding led by Bain Capital Owned-MYOB. This is exciting news for the company and demonstrates the high level of adoption and commitment by their clients and partners. This investment validates the market acceptance of the Acumatica solution,” said

Why Microsoft CEO Satya Nadella Loves What Steve Ballmer Once Despised

Why Microsoft CEO Satya Nadella Loves What Steve Ballmer Once Despised

“I don’t want to fight old battles,” says Microsoft CEO Satya Nadella. “I want to fight new ones.” It’s Sunday evening, and Nadella is sitting in a glass-enclosed room at the back of a Japanese restaurant in San Francisco’s North Beach neighborhood, eating sushi with a few reporters. The post Why Microsoft CEO Satya Nadella Loves

Apple sales soar after record-breaking iPhone 6 and 6 Plus launch

Apple sales soar after record-breaking iPhone 6 and 6 Plus launch

The US tech giant reported a 16 per cent jump in iPhone sales between July and September, and the strongest growth in Mac computer shipments in years. Read the source article at dailymail.co.uk About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of