Using a cloud service means moving from a “hands on” management model to one of indirect governance. How can an organization use an indirect governance to assure trust in the service provided? The answer can be found in the old Russian maxim, which was often quoted by US President Ronald Regan: “trust but verify.”
The risks associated with cloud computing depend on both the IT service model and the delivery model adopted. Some of these risks are new but many of the risks are already found with any outsourced IT service.
The risks can be divided into three general categories; policy and organizational risks, technical risks and legal risks. Examples of these risks include:
Ensuring compliance - Many organizations have invested heavily to ensure compliance with laws and regulations. Will using a cloud service affect compliance?
Business continuity - The recent reported outages of major cloud services show that 100% availability may not be guaranteed. How does using a cloud service impact business continuity?
Data security - What are the risks to data held remotely within the cloud provider’s infrastructure?
Using the cloud may outsource the IT service but it does not outsource responsibility. The cloud user remains responsible for the security of their information and for the continuity of their enterprise. When moving to the cloud, it is essential that steps are taken to manage these risks.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.