When we mention cloud computing to our SME clients as a possible solution for the cost-effective management of their services, we often get asked “but what are the risks of trusting our information to someone else?” At commissum we believe many of the issues relating to cloud computing are not new and should be considered for all relationships with service providers, although there are a few specific considerations to be made.
Using cloud computing, organisations can contract service providers to provide infrastructure, platforms and, presently more commonly, software. These services enable convenient, on-demand network access to a shared pool of configurable resources such as networks, servers, storage, applications and other services, which can be provided and released with minimal management effort or service provider interaction. The advantages of scalability, lower overhead costs and flexibility are clear and allow organisations to focus on core competencies instead of devoting resources to IT operations.
Most companies have policies and processes in place to deal with commercial relationships with IT service providers. Although these policies and processes will work equally well with cloud services, many still do not sufficiently cover the risk related to the security of information.
Applications which are to be provided by a cloud service require the same risk assessment considerations as those provided by a traditional service provider.
What if the solution:
· fails to deliver the required business value;
· does not perform to the levels agreed;
· is not integrated with the existing in-house services;
· is unavailable and causes delays and reputational damage;
· suffers from breaches in integrity and confidentiality of information?
But commissum’s (www.commissum.com/) Principal Assurance Consultant André Coner suggests that the following considerations specific to cloud computing should be added:
· Maturity of the cloud service provider and service provider on-going concern issues;
· Complexity of compliance with laws and regulations;
· Legal issues around liability and ownership relating to different hosting countries;
· Storage of personally identifiable information in other countries;
· Much greater dependency on third parties and reliance on external interfaces;
· Greater reliance on Internet connectivity;
· Security issues of public, community and hybrid cloud environments;