APAC CIO Outlook
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Agile

    Artificial Intelligence

    Aviation

    Bi and Analytics

    Big Data

    Blockchain

    Cloud

    Cyber Security

    Digital Infrastructure

    Digital Marketing

    Digital Transformation

    Digital Twin

    Drone

    Internet of Things

    Low Code No Code

    Networking

    Remote Work

    Singapore Startups

    Smart City

    Software Testing

    Startup

  • E-Commerce

    Education

    FinTech

    Healthcare

    Manufacturing

    Retail

    Travel and Hospitality

  • Dell

    Microsoft

    Salesforce

    SAP

  • Cognitive

    Compliance

    Contact Center

    Corporate Finance

    Data Center

    Data Integration

    Digital Asset Management

    Gamification

    HR Technology

    IT Service Management

    Managed Services

    Procurement

    RegTech

    Travel Retail

Menu
    • Compliance
    • Software Testing
    • Procurement
    • Managed Services
    • Cyber Security
    • Gamification
    • Blockchain
    • CRM
    • E-Commerce
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    Welcoming Big Data Technology amidst Changes

    Darren Cockrel, CIO, Coyote Logistics

    Leveraging Compliance to Your Advantage

    Mark Bloom, Global CIO, Aegon

    Demystifying the Role of IT in Millennial Organizations

    Jeff Fithian, VP, Strategic Initiatives and CIO, Dynamic Materials Corporation

    Productivity and Security- Can you ever have both?

    Julie Cullivan, SVP, Business Operations & CIO, Fireeye

    Lessons Learned from a CIO

    John Miller, Vice President and CIO, American Textile Company

    The Hard Case For Investing In Compliance

    Alexander Maclean, Global Head Of Regulatory Compliance / Chief Compliance Officer, Aegon [Ams: Agn]

    Compliance , Regulatory Affairs, Contract Management

    Charles Hammersla, Head Of Facilities Management – Nab, Cushman & Wakefield [Nyse: Cwk]

    Andreas Uremovic, Managing Director, Global Head Investment Portfolio Compliance, Allianz Global Investors [Fra: Alv]

    Andreas Uremovic, Managing Director, Global Head Investment Portfolio Compliance, Allianz Global Investors [Fra: Alv]

    right

    Balancing the Benefits and Risks of Cloud Computing

    Toby Merrill, Division SVP, Global Cyber Risk Practice Leader, ACE Group

    Tweet
    content-image

    Toby Merrill, Division SVP, Global Cyber Risk Practice Leader, ACE Group

    Cloud computing has become, among other things, a buzzword nearly everyone is familiar with, but very few truly understand. Even fewer grasp all its implications for the future—largely because they are not yet completely clear, much less visible. The reason? As a technology, cloud computing is still closer to the infancy of its development. As a result, many of its benefits have not been fully realized, and its many risks are largely unknown.

    What is clear, however, is that “the Cloud” is poised to do nothing less than redefine and take over the IT landscape and, with it, the way every company around the world does business.

    Most companies are very familiar with the potential benefits of outsourcing their computing to the cloud, including speed, security, backup, reduced infrastructure costs, increased capacity, scalability, availability, geography, mobility and, in some cases, regulatory compliance. However, many companies are not as familiar with the new risks this evolution in technology has introduced.

    The tremendous benefits of Cloud Computing are accompanied by a host of perils, including data security, privacy, contractual, aggregation, hidden costs, and business interruption—all of which have the potential for significant financial liability. Unfortunately, the decision to move to the cloud is often made before these risks are properly communicated and considered. CIOs should be working in close partnership with their company’s risk management departments to properly assess and mitigate these risks. With the cloud, it is not just the risk manager’s responsibility to mitigate these dangers. As every employee interacts with and uses data constantly—from the CIO to the board to the new associate just out of college—everyone in the organization needs to have some awareness of data security measures.

    “Managing the risks of the cloud require careful due diligence and a rational analysis of both cloud provider services and the changing needs of the organization”

    What are the Risks of Cloud Computing?

    Being aware of the potential risks, practicing due diligence when hiring cloud computing service providers, and implementing comprehensive risk management programs are steps that are more than recommended; they are essential. Though certainly not all encompassing, there are five core areas deserving of careful consideration by any enterprise contemplating a cloud migration:

    Contracts: The contracts offered by cloud providers don’t often incorporate the usual indemnification, limitations of liability or other terms pertaining to privacy and data security that most organizations expect to negotiate into service provider contracts.

    In some instances, the cloud provider may not even be contractually obligated to provide notification of a breach, leaving organizations noncompliant with regulatory and other legal obligations. This means that customers may find themselves facing full liability of a data breach that was arguably not their fault.

    Loss of Control: When working with a cloud provider, organizations often cede control of data and network availability. Some cloud providers store data in multiple jurisdictions, perhaps even transferring data to warehouses in other countries. Privacy regulations differ by country, even by state, and data that is considered compliant in one location may not be in another. Also, in a public cloud, one company’s data may be intermingled with another’s, making it difficult to complete even a simple investigation if a breach does occur.

    Aggregation Risk: Advanced attacks—often referred to as Advanced Persistent Threats (APT)—against large, highly sophisticated technology companies continue to increase. The cloud therefore creates a new aggregation exposure that organizations have not previously faced.

    Cost: No one can dispute the up-front savings that an organization can realize by migrating to the cloud. Potentially, though, there are a number of hidden costs that many may not have considered. For example, what are the costs associated with transferring your data and network to another cloud provider? Other costs that need to be considered include further legal expenditures and tax implications, as well as audit and oversight.

    Data Security: Many organizations fail to realize that it is their responsibility to secure data before sending it to the cloud, as cloud providers generally will not guarantee the security of data stored in their cloud. In fact, most will limit their contractual exposure entirely.

    Making Cloud Computing Work for Your Company

    An organization about to send its precious data to a cloud needs to use the same level of due diligence that it would when constructing a building in a fire, flood or earthquake zone. That analogy is apt because there are many risks and control issues that need consideration if an organization wishes to mitigate as many pitfalls as possible. Some core areas to consider include:

    Privacy by Design: Migration into the cloud environment should be an extension of “privacy by design” principles already in use, since organizations should incorporate privacy requirements during their development of new systems, products, and services. According to the Department of Homeland Security, many organizations now perform a Privacy Impact Assessment—a process that helps identify and reduce the privacy risks of products and services under development.

    Shared Security and Related Responsibilities: Risk managers need to keep in mind the fact that data privacy and security responsibilities begin within their own organization before continuing into the cloud. Vital security controls can be overlooked if the allocation of security responsibilities between the organization and the cloud provider isn’t fully understood.

    Control and Liability: While companies must sacrifice some element of control in order to utilize the benefits of cloud computing, there are best practices that can help mitigate the security concerns as well as the financial risks associated with this loss of control—such as utilizing proper encryption key management to control data access, vigilant monitoring of traffic and activity in their cloud environment, and negotiating rights to audit and access the cloud platform or infrastructure into the contractual agreement.

    Due Diligence and Vendor Management Programs: Increasingly, cloud customers are developing formal due diligence processes and vendor management programs to assess the risks of adopting cloud technology. Common elements include a preliminary data assessment, a security and privacy risk assessment process, and standard contract terms focused on data security and privacy.

    Balancing the Benefits and Risks of the Cloud

    In the not-too-distant future, a majority of companies, both large and small, will likely utilize the cloud for some aspect of their business. The benefits of the cloud are tremendous and impossible to ignore—to do so could put an organization at a considerable competitive disadvantage. However, managing the risk requires careful due diligence and a rational analysis of both cloud provider services and the changing needs of the organization. 

    tag

    Cloud Computing

    Data Security

    Financial

    Weekly Brief

    loading
    Top 10 Compliance Solutions Companies - 2022

    Featured Vendors

    MasterSAM

    Sanjeev Dhar, MD

    entity solutions

    Matthew Franceschini, CEO & Co-founder

    ON THE DECK

    Compliance 2022

    Top Vendors

    Compliance 2021

    Top Vendors

    Compliance 2020

    Top Vendors

    Compliance 2019

    Top Vendors

    Compliance 2018

    Top Vendors

    Compliance 2017

    Top Vendors

    Compliance 2016

    Top Vendors

    Previous Next

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Deliver Resiliency with Managed Services

    Deliver Resiliency with Managed Services

    Edy Salim, Head of Technology Services & Enterprise Architecture, PT Adira Dinamika Multifinance Tbk
    Sustainable Future through Innovative Technology Solutions

    Sustainable Future through Innovative Technology Solutions

    Faisal Parvez, CIO and Director, BT
    How to align Supply Chain with Corporate Strategy

    How to align Supply Chain with Corporate Strategy

    Chanaka Rathnayake, Senior Production Manager (Packaging) at The HEINEKEN Company
    A dose of our own medicine

    A dose of our own medicine

    SABINA JANSTROM, IT DIRECTOR, DYNO NOBEL
    Insider Threat

    Insider Threat

    AI is America's best weapon for disrupting health inequities

    AI is America's best weapon for disrupting health inequities

    Michael Dowling, President & Ceo, Northwell Health and Tom Manning, Chairman, Ascertain
    Combating IoT Challenges with Smart Choices

    Combating IoT Challenges with Smart Choices

    Sandeep Babbar, Head Of Technology Innovation, Gwa Group Limited
    Artificial Intelligence regulations and its impact on medical devices

    Artificial Intelligence regulations and its impact on medical devices

    Leo Hovestadt, Director Quality Assurance Elekta
    Loading...

    Copyright © 2023 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    |  Sitemap |  Subscribe |   About us

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/balancing-the-benefits-and-risks-of-cloud-computing-nwid-776.html