Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Google

    HP

    IBM

    Intel

    Microsoft

    Oracle

    Red Hat

    Salesforce

    SAP

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    • DevOps
    • Automotive
    • FinTech
    • Robotics
    • SAP
    • Amazon
    • Big Data
    • Education
    • HPC
    • Simulation
    • CISCO
    • Web Development
    • AI
    • EPM
    • ERP
    • Project Management
    • Salesforce
    • Sports
    • Travel and Hospitality
    • Unified Communication
    • IT Services
    More
    HPC Simulation CISCO Web Development AI EPM ERP Project Management Salesforce Sports Travel and Hospitality Unified Communication IT Services
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    CIOs Need To Know Their Business, Not Just Tech

    John Sadowski, EVP & CIO, Sandy Spring Bank

    Your Next Law Firm Website Project

    Vic Peterson, CIO, Stinson Leonard Street LLP

    Essentials for a Compliant Environment

    Seevali Fernando, Group CIO, Hoya Corporation

    The Digital Agency

    Ralph Chivers, CIO, Ministry of Business Innovation and Employment, New Zealand

    E-commerce and the Data behind it

    Klemen Drole, CIO, Lazada Group

    Need and Importance of IT in the Shipping Industry

    Anjan Deb, GM-IT (CIO), The Great Eastern Shipping

    At the Crossroads of Sports and Technology

    Jerry Mcglynn, CIO, Specialized Bicycle Components

    Proliferative Innovation via Platform+Agile

    Dr. Steve Hodgkinson, CIO, Department of Health & Human Services in Melbourne, Australia

    right

    Balancing the Benefits and Risks of Cloud Computing

    By Toby Merrill, Division SVP, Global Cyber Risk Practice Leader, ACE Group

    Tweet
    content-image

    Toby Merrill, Division SVP, Global Cyber Risk Practice Leader, ACE Group

    Cloud computing has become, among other things, a buzzword nearly everyone is familiar with, but very few truly understand. Even fewer grasp all its implications for the future—largely because they are not yet completely clear, much less visible. The reason? As a technology, cloud computing is still closer to the infancy of its development. As a result, many of its benefits have not been fully realized, and its many risks are largely unknown.

    What is clear, however, is that “the Cloud” is poised to do nothing less than redefine and take over the IT landscape and, with it, the way every company around the world does business.

    Most companies are very familiar with the potential benefits of outsourcing their computing to the cloud, including speed, security, backup, reduced infrastructure costs, increased capacity, scalability, availability, geography, mobility and, in some cases, regulatory compliance. However, many companies are not as familiar with the new risks this evolution in technology has introduced.

    The tremendous benefits of cloud computing are accompanied by a host of perils, including data security, privacy, contractual, aggregation, hidden costs, and business interruption—all of which have the potential for significant financial liability. Unfortunately, the decision to move to the cloud is often made before these risks are properly communicated and considered. CIOs should be working in close partnership with their company’s risk management departments to properly assess and mitigate these risks. With the cloud, it is not just the risk manager’s responsibility to mitigate these dangers. As every employee interacts with and uses data constantly—from the CIO to the board to the new associate just out of college—everyone in the organization needs to have some awareness of data security measures.

    “Managing the risks of the cloud require careful due diligence and a rational analysis of both cloud provider services and the changing needs of the organization”

    What are the Risks of Cloud Computing?

    Being aware of the potential risks, practicing due diligence when hiring cloud computing service providers, and implementing comprehensive risk management programs are steps that are more than recommended; they are essential. Though certainly not all encompassing, there are five core areas deserving of careful consideration by any enterprise contemplating a cloud migration:

    Contracts: The contracts offered by cloud providers don’t often incorporate the usual indemnification, limitations of liability or other terms pertaining to privacy and data security that most organizations expect to negotiate into service provider contracts.

    In some instances, the cloud provider may not even be contractually obligated to provide notification of a breach, leaving organizations noncompliant with regulatory and other legal obligations. This means that customers may find themselves facing full liability of a data breach that was arguably not their fault.

    Loss of Control: When working with a cloud provider, organizations often cede control of data and network availability. Some cloud providers store data in multiple jurisdictions, perhaps even transferring data to warehouses in other countries. Privacy regulations differ by country, even by state, and data that is considered compliant in one location may not be in another. Also, in a public cloud, one company’s data may be intermingled with another’s, making it difficult to complete even a simple investigation if a breach does occur.

    Aggregation Risk: Advanced attacks—often referred to as Advanced Persistent Threats (APT)—against large, highly sophisticated technology companies continue to increase. The cloud therefore creates a new aggregation exposure that organizations have not previously faced.

    Cost: No one can dispute the up-front savings that an organization can realize by migrating to the cloud. Potentially, though, there are a number of hidden costs that many may not have considered. For example, what are the costs associated with transferring your data and network to another cloud provider? Other costs that need to be considered include further legal expenditures and tax implications, as well as audit and oversight.

    Data Security: Many organizations fail to realize that it is their responsibility to secure data before sending it to the cloud, as cloud providers generally will not guarantee the security of data stored in their cloud. In fact, most will limit their contractual exposure entirely.

    Making Cloud Computing Work for Your Company

    An organization about to send its precious data to a cloud needs to use the same level of due diligence that it would when constructing a building in a fire, flood or earthquake zone. That analogy is apt because there are many risks and control issues that need consideration if an organization wishes to mitigate as many pitfalls as possible. Some core areas to consider include:

    Privacy by Design: Migration into the cloud environment should be an extension of “privacy by design” principles already in use, since organizations should incorporate privacy requirements during their development of new systems, products, and services. According to the Department of Homeland Security, many organizations now perform a Privacy Impact Assessment—a process that helps identify and reduce the privacy risks of products and services under development.

    Shared Security and Related Responsibilities: Risk managers need to keep in mind the fact that data privacy and security responsibilities begin within their own organization before continuing into the cloud. Vital security controls can be overlooked if the allocation of security responsibilities between the organization and the cloud provider isn’t fully understood.

    Control and Liability: While companies must sacrifice some element of control in order to utilize the benefits of cloud computing, there are best practices that can help mitigate the security concerns as well as the financial risks associated with this loss of control—such as utilizing proper encryption key management to control data access, vigilant monitoring of traffic and activity in their cloud environment, and negotiating rights to audit and access the cloud platform or infrastructure into the contractual agreement.

    Due Diligence and Vendor Management Programs: Increasingly, cloud customers are developing formal due diligence processes and vendor management programs to assess the risks of adopting cloud technology. Common elements include a preliminary data assessment, a security and privacy risk assessment process, and standard contract terms focused on data security and privacy.

    Balancing the Benefits and Risks of the Cloud

    In the not-too-distant future, a majority of companies, both large and small, will likely utilize the cloud for some aspect of their business. The benefits of the cloud are tremendous and impossible to ignore—to do so could put an organization at a considerable competitive disadvantage. However, managing the risk requires careful due diligence and a rational analysis of both cloud provider services and the changing needs of the organization. 

    Read Also

    How GDPR can open opportunities for APAC businesses

    How GDPR can open opportunities for APAC businesses
    Keeping Pace with Technology

    Keeping Pace with Technology
    Adventures In Sourcing Compliance And Risk Systems

    Adventures In Sourcing Compliance And Risk Systems
    Customer Data: The New Compliance Frontier

    Customer Data: The New Compliance Frontier
    Top 25 Compliance Solution Providers - 2018

    Top 25 Compliance Solution Providers - 2018

     Top 25 Compliance Solution Providers - 2017

    Top 25 Compliance Solution Providers - 2017

     25 Most Promising Compliance Solution Providers

    25 Most Promising Compliance Solution Providers

    Featured Vendors

    MasterSAM

    Sanjeev Dhar, MD

    entity solutions

    Matthew Franceschini, CEO & Co-founder

    Compliance Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/balancing-the-benefits-and-risks-of-cloud-computing-nwid-776.html