Are there risks within the Cloud?
Yes, obviously there are risks whether you choose the Cloud, internal or outsourced, the important thing is to recognise and manage them. Typical risks that CloudCIO will look at are the following:
Because companies typically outsource their IT services to a centralized 3rd party provider, there is a dependency formed towards that provider. If ever for some reason they are unable to provide service, then all of their clients are affected. The mitigation for this is achieving the best possible Service Level Agreement with compensation and also to develop a robust Disaster Recovery plan outlining how the business can carry on temporarily without the Cloud Services.
Data security is always important to any company. Even Data stored ‘safely’ in a business’ in-house servers are at risk of attack. Add to that the current trend of BYOD and Consumerisation meaning that increasing amounts of sensitive business information is now making its way into private devices and private clouds with no business control or protection. Business oriented Cloud Services are by no means without Information Security risks that can be hard to assess when negotiating a cloud contract. The mitigation for Cloud Information Security risks are contractual security requirements on the provider, provisioning of two-stage authentication, encryption techniques and contractual commitment as to in which country information can be stored.
Dependency on connectivity for frequently used services should not be ignored. Network outages do occur and will have significant impact on a business depending on Cloud Based services for revenue generation. Like for Centralized services the mitigation for loss of connectivity is in part a strong SLA that can provide some revenue mitigation but most importantly there needs to be a Disaster Recovery plan in place that devices backup plans to be invoked should the outage be of significant length.
Cloud provider goes out of business.
This is a very difficult scenario, however the likelihood of this risk is low as the folding business would typically be taken over by another Cloud Service provider and services would continue. It is still important that this scenario is thought through and a mitigation plan is in place to maintain a backup of all data or quickly have access to the data stored so that a new Service Provider can be engaged with historic data available.