Managing Risk when taking the Public Cloud Route OR Managing Risk in Public Cloud Strategy

Managing Risk

The secret to a pleasant and successful experience in migrating your enterprise to a Public Cloud Strategy is “minimizing risk while maximizing your return on investment (ROI) and reducing total cost of ownership (TCO)”. Sound familiar? It sounds like managing your retirement fund nest egg. In this article we will address a few of the risk management guidelines and standard business practices for mitigating risk when going with a public Cloud Strategy or migrating your IT or business assets to the Cloud.

So, to remain competitive and efficient, how big a risk is it to migrate to the cloud or go with a cloud strategy, and how do you mitigate it? We will talk about the various types of risk in going the public cloud route and the ways you can mitigate them to a comfortable level so that you can achieve your business objectives.

Security as a risk can be addressed in terms of the following:

  • Confidentiality, Integrity and Availability.

You should carefully review the SLAs (service level agreements) with the public Cloud provider to address your security risk concerns.

  • Question what happens if the SLAs are not met.
  • Make note of any exception conditions in the SLA.
  • Look for penalties in case the SLAs are not met.

NOTE – SLAs may deter public Cloud providers from acting irresponsibly, but the fact remains that if your mission-critical application is on the Cloud and it is unavailable or compromised within the agreed SLA guidelines, your business could suffer loss of revenue and/or employee productivity.

Having said that, you should ask, “How do I manage the risk?” The answer is that the risk management guidelines should be along the same lines as those you would expect when deploying a private cloud in your own datacenter or conducting business in a traditional datacenter setup with monolithic server farms.

Common sense coupled with proper governance dictates the following points to be thoroughly hashed out and well understood:

  • Check whether the public cloud provider has a proper, certified Business Continuity Plan (BCP) in place.

If you are not comfortable with the BCP, then either revisit the cloud migration plan or build processes or incident response plans to address the gaps. Leverage your current or traditional BCP plans.

  • Check whether the public cloud provider has a proper, certified Disaster Recovery (DR) plan in place.

If you are not comfortable with the DR plan, then either revisit the cloud migration plan or build processes or incident response plans to address the gaps. Leverage your current or traditional DR plans.

  • Check whether the Cloud datacenter follows standard Segregation of Duties (SOD) policies and procedures.
  • Check whether the public cloud provider has a contract in place covering breaches. Typically, a breach contract should address the cost of data loss, data integrity, downtime and customer notifications. In addition, traditional security defenses should be in place. Look for important certifications such as SAS70, SSAE 16, SOC 2 and SOC 3.

If you are not comfortable with the contract or certifications, then either revisit the cloud migration plan or build processes or incident response plans to address the gaps.

  • Check public Cloud provider background.
  • Check whether you have access to the Cloud provider’s key performance indicators (KPIs). Review the KPIs and reach a certain level of comfort before signing up.

If you are not comfortable with the KPIs, then either revisit the cloud migration plan or build processes to address the KPIs.

  • Check whether you have access to the Cloud provider’s key risk indicators (KRIs). Review the KRIs and reach a certain level of comfort before signing up.

If you are not comfortable with the KRIs, then either revisit the cloud migration plan or build processes to address the KRIs.

  • Check if the Cloud provider is financially sound.

There is more visibility into a publicly traded cloud provider’s financials and less visibility into a privately held provider’s financials.

  • Check how to get your data back if the provider shuts down operations.

If you are not comfortable with the provider’s plans, then either revisit the cloud migration plan or build data recovery processes to address the gaps.

  • Check what happens if your cloud provider goes bankrupt.

If you are not comfortable with the provider’s bankruptcy plans, then either revisit the cloud migration plan or build processes to address provider bankruptcy.

  • Check whether the provider uses industry-standard technologies and processes so that your business is not locked in to a single cloud provider.

If you are not comfortable with the provider’s technologies, processes and plans, then either revisit the cloud migration plan or build processes to address migrations.

  • Check the location of the datacenter with respect to national or state boundaries, to avoid:
      • Regulatory restrictions and
      • Performance issues

While the benefits of a Cloud Strategy are real and are changing how we do business and perceive business models, the fact remains that if your business is at stake, you have to balance the risk vs. reward equation.

In a nutshell: do your due diligence, put in place detailed policies, processes and controls that implement proper checks and balances to mitigate risk to a comfortable and acceptable level, and reap the benefits of the new paradigm, namely “Cloud”.

By Harry Sangha
