Apac
  • Home
  • CXO Insights
  • CIO Views
  • News
  • Conferences
  • Newsletter
  • Whitepapers
  • About us
Apac
  • Admired Tech

    Agile

    AI Healthcare

    Artificial Intelligence

    Augmented Reality

    Aviation

    Big Data

    Blockchain

    Cloud

    Cryptocurrency

    Cyber Security

    DevOps

    Digital Transformation

    Drone

    HPC

    Infrared

    Internet of Things

    IT Services

    Marine Tech

    Networking

    PropTech

    Remote Work

    Robotics

    Scheduling Software

    Sensor Tech

    Simulation

    Smart City

    Software Testing

    Startup

    Storage

    Unified Communication

    Web Development

    Wireless

  • Automotive

    Banking

    Capital Market

    Construction

    E-Commerce

    Education

    FinTech

    Food and Beverages

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Travel and Hospitality

  • CISCO

    Google

    IBM

    Microsoft

    Oracle

    Salesforce

    SAP

    ServiceNow

  • Business Intelligence

    CEM

    Cloud-based Planning

    Cognitive

    Collaboration

    Compliance

    Contact Center

    Contact Tracing

    Contactless Payments

    Corporate Finance

    CRM

    Custom Software Development

    Data Center

    Digital Signage

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Communications

    Enterprise Contract Management

    Enterprise Performance Management

    ERP

    Facility Management

    Field Service

    Fleet Management

    Gamification

    HR Technology

    IT Infrastructure

    IT Service Management

    Managed Services

    PLM

    Procurement

    Product Management

    Project Management

    RegTech

    Revenue Management

    Sales Tech

Menu
    • Compliance
    • CISCO
    • Collaboration
    • Contact Center
    • Healthcare
    • IT Service Management
    • Microsoft
    • Retail
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    Welcoming Big Data Technology amidst Changes

    Darren Cockrel, CIO, Coyote Logistics

    Leveraging Compliance to Your Advantage

    Mark Bloom, Global CIO, Aegon

    Demystifying the Role of IT in Millennial Organizations

    Jeff Fithian, VP, Strategic Initiatives and CIO, Dynamic Materials Corporation

    Productivity and Security- Can you ever have both?

    Julie Cullivan, SVP, Business Operations & CIO, Fireeye

    Lessons Learned from a CIO

    John Miller, Vice President and CIO, American Textile Company

    Digital Transformation: Prerequisites for Success in the Insurance Industry

    Nicole Kellenberger, Global Eadmin Lead, Swiss RE and Sven Scandella, Head of ITP&C Business Management, Swiss RE

    Compliance in the Cloud

    Vasyl Nair, Chief Risk Officer, Mine Super & Louis Leung, Executive General Manager Group Risk and Compliance, Mine Super

    Lessons Learnt on Compliance and Culture Change

    Paula Cristina Spirandio, Compliance Manager, Gunvor Group

    right

    Balancing the Benefits and Risks of Cloud Computing

    By Toby Merrill, Division SVP, Global Cyber Risk Practice Leader, ACE Group

    Tweet
    content-image

    Toby Merrill, Division SVP, Global Cyber Risk Practice Leader, ACE Group

    Cloud computing has become, among other things, a buzzword nearly everyone is familiar with, but very few truly understand. Even fewer grasp all its implications for the future—largely because they are not yet completely clear, much less visible. The reason? As a technology, cloud computing is still closer to the infancy of its development. As a result, many of its benefits have not been fully realized, and its many risks are largely unknown.

    What is clear, however, is that “the Cloud” is poised to do nothing less than redefine and take over the IT landscape and, with it, the way every company around the world does business.

    Most companies are very familiar with the potential benefits of outsourcing their computing to the cloud, including speed, security, backup, reduced infrastructure costs, increased capacity, scalability, availability, geography, mobility and, in some cases, regulatory compliance. However, many companies are not as familiar with the new risks this evolution in technology has introduced.

    The tremendous benefits of Cloud Computing are accompanied by a host of perils, including data security, privacy, contractual, aggregation, hidden costs, and business interruption—all of which have the potential for significant financial liability. Unfortunately, the decision to move to the cloud is often made before these risks are properly communicated and considered. CIOs should be working in close partnership with their company’s risk management departments to properly assess and mitigate these risks. With the cloud, it is not just the risk manager’s responsibility to mitigate these dangers. As every employee interacts with and uses data constantly—from the CIO to the board to the new associate just out of college—everyone in the organization needs to have some awareness of data security measures.

    “Managing the risks of the cloud require careful due diligence and a rational analysis of both cloud provider services and the changing needs of the organization”

    What are the Risks of Cloud Computing?

    Being aware of the potential risks, practicing due diligence when hiring cloud computing service providers, and implementing comprehensive risk management programs are steps that are more than recommended; they are essential. Though certainly not all encompassing, there are five core areas deserving of careful consideration by any enterprise contemplating a cloud migration:

    Contracts: The contracts offered by cloud providers don’t often incorporate the usual indemnification, limitations of liability or other terms pertaining to privacy and data security that most organizations expect to negotiate into service provider contracts.

    In some instances, the cloud provider may not even be contractually obligated to provide notification of a breach, leaving organizations noncompliant with regulatory and other legal obligations. This means that customers may find themselves facing full liability of a data breach that was arguably not their fault.

    Loss of Control: When working with a cloud provider, organizations often cede control of data and network availability. Some cloud providers store data in multiple jurisdictions, perhaps even transferring data to warehouses in other countries. Privacy regulations differ by country, even by state, and data that is considered compliant in one location may not be in another. Also, in a public cloud, one company’s data may be intermingled with another’s, making it difficult to complete even a simple investigation if a breach does occur.

    Aggregation Risk: Advanced attacks—often referred to as Advanced Persistent Threats (APT)—against large, highly sophisticated technology companies continue to increase. The cloud therefore creates a new aggregation exposure that organizations have not previously faced.

    Cost: No one can dispute the up-front savings that an organization can realize by migrating to the cloud. Potentially, though, there are a number of hidden costs that many may not have considered. For example, what are the costs associated with transferring your data and network to another cloud provider? Other costs that need to be considered include further legal expenditures and tax implications, as well as audit and oversight.

    Data Security: Many organizations fail to realize that it is their responsibility to secure data before sending it to the cloud, as cloud providers generally will not guarantee the security of data stored in their cloud. In fact, most will limit their contractual exposure entirely.

    Making Cloud Computing Work for Your Company

    An organization about to send its precious data to a cloud needs to use the same level of due diligence that it would when constructing a building in a fire, flood or earthquake zone. That analogy is apt because there are many risks and control issues that need consideration if an organization wishes to mitigate as many pitfalls as possible. Some core areas to consider include:

    Privacy by Design: Migration into the cloud environment should be an extension of “privacy by design” principles already in use, since organizations should incorporate privacy requirements during their development of new systems, products, and services. According to the Department of Homeland Security, many organizations now perform a Privacy Impact Assessment—a process that helps identify and reduce the privacy risks of products and services under development.

    Shared Security and Related Responsibilities: Risk managers need to keep in mind the fact that data privacy and security responsibilities begin within their own organization before continuing into the cloud. Vital security controls can be overlooked if the allocation of security responsibilities between the organization and the cloud provider isn’t fully understood.

    Control and Liability: While companies must sacrifice some element of control in order to utilize the benefits of cloud computing, there are best practices that can help mitigate the security concerns as well as the financial risks associated with this loss of control—such as utilizing proper encryption key management to control data access, vigilant monitoring of traffic and activity in their cloud environment, and negotiating rights to audit and access the cloud platform or infrastructure into the contractual agreement.

    Due Diligence and Vendor Management Programs: Increasingly, cloud customers are developing formal due diligence processes and vendor management programs to assess the risks of adopting cloud technology. Common elements include a preliminary data assessment, a security and privacy risk assessment process, and standard contract terms focused on data security and privacy.

    Balancing the Benefits and Risks of the Cloud

    In the not-too-distant future, a majority of companies, both large and small, will likely utilize the cloud for some aspect of their business. The benefits of the cloud are tremendous and impossible to ignore—to do so could put an organization at a considerable competitive disadvantage. However, managing the risk requires careful due diligence and a rational analysis of both cloud provider services and the changing needs of the organization. 

    tag

    Cloud Computing

    Data Security

    Financial

    Weekly Brief

    loading

    Featured Vendor

    • ACTICO: Leveraging AI for Compliance Management
      ACTICO: Leveraging AI for Compliance Management
    Top 10 Compliance Solution Companies - 2020
    ON THE DECK

    Content Management System 2020

    Top Vendors

    Contactless Payments 2020

    Top Vendors

    Admired Tech 2020

    Top Vendors

    Corporate Finance 2020

    Top Vendors

    AI 2020

    Top Vendors

    Travel and Hospitality 2020

    Top Vendors

    Startup 2020

    Top Vendors

    Networking 2020

    Top Vendors

    FinTech 2020

    Top Vendors

    CRM 2020

    Top Vendors

    Scheduling Software 2020

    Top Vendors

    Education 2020

    Top Vendors

    Business Intelligence 2020

    Top Vendors

    PropTech 2020

    Top Vendors

    Salesforce 2020

    Top Vendors

    Big Data 2020

    Top Vendors

    Simulation 2020

    Top Vendors

    Product Management 2020

    Top Vendors

    Legal 2020

    Top Vendors

    Remote Work 2020

    Top Vendors

    Cryptocurrency 2020

    Top Vendors

    CEM 2020

    Top Vendors

    Insurance 2020

    Top Vendors

    Data Center 2020

    Top Vendors

    Banking 2020

    Top Vendors

    RegTech 2020

    Top Vendors

    Wireless 2020

    Top Vendors

    Procurement 2020

    Top Vendors

    Cognitive 2020

    Top Vendors

    Drone 2020

    Top Vendors

    HR Technology 2020

    Top Vendors

    HPC 2020

    Top Vendors

    Pharma and Life Science 2020

    Top Vendors

    SAP 2020

    Top Vendors

    Food and Beverages 2020

    Top Vendors

    Cloud 2020

    Top Vendors

    Blockchain 2020

    Top Vendors

    Cloud 2020

    Top Vendors

    Logistics 2020

    Top Vendors

    Augmented Reality 2020

    Top Vendors

    Contact Center 2020

    Top Vendors

    Oracle 2020

    Top Vendors

    Cyber Security 2020

    Top Vendors

    E-Commerce 2020

    Top Vendors

    Compliance 2020

    Top Vendors

    Enterprise Architecture 2020

    Top Vendors

    Digital Transformation 2020

    Top Vendors

    Manufacturing 2020

    Top Vendors

    Agile 2020

    Top Vendors

    CISCO 2020

    Top Vendors

    Field Service 2020

    Top Vendors

    Contact Center 2020

    Top Vendors

    IoT 2020

    Top Vendors

    Microsoft 2020

    Top Vendors

    Retail 2020

    Top Vendors

    Aviation 2020

    Top Vendors

    Healthcare 2020

    Top Vendors

    IT Service Management 2020

    Top Vendors

    Top Vendors

    Big Data 2019

    Top Vendors

    Digital Signage 2019

    Top Vendors

    Sales Tech 2019

    Top Vendors

    Startup 2019

    Top Vendors

    Salesforce 2019

    Top Vendors

    AI 2019

    Top Vendors

    Google 2019

    Top Vendors

    Smart City 2019

    Top Vendors

    FinTech 2019

    Top Vendors

    Admired Tech 2019

    Top Vendors

    Big Data 2019

    Top Vendors

    IT Services 2019

    Top Vendors

    Business Intelligence 2019

    Top Vendors

    Education 2019

    Top Vendors

    Project Management 2019

    Top Vendors

    Enterprise Asset Management 2019

    Top Vendors

    CRM 2019

    Top Vendors

    Data Center 2019

    Top Vendors

    PropTech 2019

    Top Vendors

    Capital Market 2019

    Top Vendors

    Travel and Hospitality 2019

    Top Vendors

    Legal 2019

    Top Vendors

    IT Infrastructure 2019

    Top Vendors

    Plastic Tech 2019

    Top Vendors

    Facility Management 2019

    Top Vendors

    Fleet Management 2019

    Top Vendors

    CEM 2019

    Top Vendors

    Sensor Tech 2019

    Top Vendors

    RegTech 2019

    Top Vendors

    Marine Tech 2019

    Top Vendors

    Collaboration 2019

    Top Vendors

    Software Testing 2019

    Top Vendors

    Facility Management 2019

    Top Vendors

    Automotive 2019

    Top Vendors

    Food and Beverages 2019

    Top Vendors

    Insurance 2019

    Top Vendors

    HPC 2019

    Top Vendors

    Wireless 2019

    Top Vendors

    Simulation 2019

    Top Vendors

    Corporate Finance 2019

    Top Vendors

    Drone 2019

    Top Vendors

    AI Healthcare 2019

    Top Vendors

    SAP 2019

    Top Vendors

    Procurement 2019

    Top Vendors

    Cyber Security 2019

    Top Vendors

    IBM 2019

    Top Vendors

    Construction 2019

    Top Vendors

    Logistics 2019

    Top Vendors

    Managed Services 2019

    Top Vendors

    Manufacturing 2019

    Top Vendors

    Media and Entertainment 2019

    Top Vendors

    Cloud 2019

    Top Vendors

    Banking 2019

    Top Vendors

    Agile 2019

    Top Vendors

    IT Service Management 2019

    Top Vendors

    Retail 2019

    Top Vendors

    HR Technology 2019

    Top Vendors

    Oracle 2019

    Top Vendors

    Cognitive 2019

    Top Vendors

    Compliance 2019

    Top Vendors

    Contact Center 2019

    Top Vendors

    Healthcare 2019

    Top Vendors

    Gov and Public 2019

    Top Vendors

    Microsoft 2019

    Top Vendors

    Pharma and Life Science 2019

    Top Vendors

    DevOps 2019

    Top Vendors

    E-Commerce 2019

    Top Vendors

    Blockchain 2019

    Top Vendors

    IoT 2019

    Top Vendors

    Metals and Mining 2019

    Top Vendors

    Gamification 2019

    Top Vendors

    Field Service 2019

    Top Vendors

    Augmented Reality 2019

    Top Vendors

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Pinpointing Weak Links in an Enterprise Security Chain: Helping Companies Battle Data and Content Security Challenges

    Pinpointing Weak Links in an Enterprise Security Chain: Helping Companies Battle Data and Content Security Challenges

    Hiro Imamura, SVP and GM, Business Imaging Solutions Group, Canon U.S.A. [NYSE:CAJ]
    Evolving Customer Relationship Management: Move Fast or Die Trying

    Evolving Customer Relationship Management: Move Fast or Die Trying

    Ed Ariel, Vice President of Service Operations, ezCater
    Importance of Customer Relationship Management Implementation

    Importance of Customer Relationship Management Implementation

    Drew Fredrick, Vice President, Home Building Technology, Clayton Homes
    How enterprise tech startups and corporates can collaborate for innovation

    How enterprise tech startups and corporates can collaborate for innovation

    Paul Santos, Managing Partner, Wavemaker Partners
    How an Initiative for Standardization and Modularization Leads to Cost Reduction, Increased Efficiency-and Better Teamwork

    How an Initiative for Standardization and Modularization Leads to Cost Reduction, Increased Efficiency-and Better Teamwork

    Faruk Bilgin, Global Director Manufacturing Engineering of Webasto Group
    Empowering the Retail Paradigm

    Empowering the Retail Paradigm

    Jason Williams, VP of Engineering, DICK’S Sporting Goods
    Fortifying the Retail Pardigm Amidst Uncertainities

    Fortifying the Retail Pardigm Amidst Uncertainities

    Vlad Yakubson, Head of Retail, yd.
    Journey from Intelligent Automation (IA) to Artificial Intelligence (AI)

    Journey from Intelligent Automation (IA) to Artificial Intelligence (AI)

    Sanjay Choubey, VP-IT, Briggs & Stratton
    Loading...

    Copyright © 2021 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap |  Subscribe

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/balancing-the-benefits-and-risks-of-cloud-computing-nwid-776.html