By Allie Philpin
Earlier this month, we published an article – Beware the Risks with Cloud Computing – highlighting the potential risks involved in implementing a cloud computing solution. What we didn’t discuss was how to assess those risks to ensure that your venture into the cloud is successful. The rise in cloud computing has also brought with it a better understanding and greater knowledge about the technology and its advantages; it has also raised the possible risks involved. But assess those risks thoroughly and ensure the right processes and procedures have also been implemented to address those risks, and it needn’t be a headache!
The benefits of cloud computing have been cited many a time, but just to recap:
• Cost efficiency – IT resources are better utilised, less infrastructure is required to support processes and applications, pay-as-you-use storage capacity to allow for quicker scaling up or down as necessary, all leading to reduced capital investment and better time and cost efficiencies.
• Fast – gone are the days when it takes weeks or months for IT departments to implement new technology. Cloud solutions can be up and running within hours, and businesses don’t have to schedule updates, repairs and more because the cloud provider does this for you.
• Flexible – your cloud has the ability to adapt, quickly and efficiently, to the changes in your business requirements, including introducing new applications, enhancing mobility and access for employees to enable better remote working, and supporting the influx of new data.
IT managers probably have the biggest worries when it comes to cloud computing. They have gone to great lengths to ensure their infrastructure is managed effectively, data is stored securely, and only the right people have the right access, at the right time. Introduce the cloud and that control they enjoyed starts to disappear, and they have to put their trust into not only someone else, but an outsourced provider! The best way to ensure that your IT department, and your business, retains a level of control and knows what’s happening is to assess the risks in respect of data security, infrastructure, what the cloud can offer in terms of capability, and what your business needs. So, let’s consider the risks:
• Security – your data will be held off-site, by another party, opening up the potential risks of theft and security breaches.
• Reliability – you are no longer in control should connectivity be lost, i.e. an outage occurs.
• Application management – doing updates and making amendments to software, of the fixing of bugs is no longer within your control, and the process for carry out these tasks could prove complex.
All of which highlights the necessity to have a very good working relationship with your cloud provider, particularly as they could probably do a better job at all this than you! (Not what your IT department wants to hear, no doubt!). It is your cloud provider’s role to develop a set of best practices with their customers, and if they don’t get it right for you, they no longer have your custom.
Assessing the risk is finding the right balance; how to benefit your business and realise your objectives against reducing and, hopefully, eliminating the risks:
• Understand that your cloud provider is part of your IT department; your risks are their risks. It’s as important to your cloud provider as it is to you to ensure that all runs smoothly, so, get to know your cloud provider well and work with them, not against them.
• Ensure your cloud provider can validate controls and processes, i.e. auditing, accessibility, data security controls and encryption.
• If you have systems that are essentially, or virtually, separated from each other via encryption, choose a private or virtual private cloud so that your systems are able to sit within a public cloud.
• Decide which applications within your organisation are suitable for the cloud.
• Develop, with your cloud provider, a disaster recovery plan that works for both parties.
• Keep regular backups of your critical assets based within the cloud, and use a comprehensive encryption solution to protect your data.
• Set up, with your cloud provider, regular security alerts and ensure they highlight any mission-critical assets.
• Check out industry certifications for cloud providers, i.e. ISO 27001 and 27002, ISO 31000 and PCI DSS (Payment Card Industry Data Security Standard) compliance, and if you want better transparency, get an independent audit carried out.
• To increase data security, introduce extra encryption measures and single sign-on access. You may also want to use a security framework, for example ITSM or ITIL.
Just because there are risks involved doesn’t mean you can’t go ahead with implementing a cloud solution. Address the issues, ask the questions, improve your IT governance, implement security measures and establish good practice business processes, and you’ll be well on your way to utilising cloud computing that will bring a range of competitive benefits to your business.