As more and more companies migrate their IT infrastructure to the cloud the main cloud-related concerns for businesses continue to be security, data control, and reliability. There are several factors to consider with any technological advancement. Most of these cloud-related concerns are not new and, with well-planned risk management, can be avoided to ensure data is both available and protected.
An ISACA Emerging Technology White Paper notes some common risk factors and solutions businesses should consider when making the move to the cloud.
- Enterprises need to be particular in choosing a provider. Reputation, history and sustainability should all be factors to consider.
- The dynamic nature of cloud computing may result in confusion as to where information actually resides. When information retrieval is required, this may create delays.
- Public clouds allow high-availability systems to be developed at service levels often impossible to create in private networks. The downside to this availability is the potential for commingling of information assets with other cloud customers, including competitors.
Companies should have a risk management program that is able to deal with continuously evolving risks. An experienced provider can deliver useful strategies for mitigating these risks. For example, requirements for disaster recovery should be communicated between the business and the provider. Having a detailed Service Level Agreement will help the company manage its data once it migrates to the cloud as well as outline expectations regarding the handling, usage, storage and availability of information. Companies should also consider their security and management options when choosing a public, private or hybrid cloud. What are the pros and cons of each?
- Pros: Because infrastructure is maintained outside of the organization , public clouds offer the grea level of cost savings and efficiency – provides ability to add capacity as needed. The public cloud has commoditized traditional technology infrastructure.
- Cons: You share this cloud infrastructure with other users, potentially including competitors. Consider the sensitivity of the data to be stored on a public cloud and use encryption where required to protect corporate assets
- Pros: Because infrastructure is maintained on a private network, private clouds offer the grea level of security and control. You own not only the data but the cloud that houses it too.
- Con: Provides lower cost savings than a public cloud, and the infrastructure lifecycle has to be managed.
- Pros: Includes a mix of public and private storage and server infrastructure. Different parts of your business data can be stored on different clouds, ensuring high security or efficiency where needed.
- Con: You have to keep track of multiple platforms and ensure all parts can communicate to each other.
By keeping these factors in mind you can ensure a smooth and successful transition to the cloud with secure and easy access to your data.