Cloud computing is the top technology that is disrupting enterprise and consumer markets around the world, thanks to its ubiquity and widespread usage. Within just a relatively short period of time, cloud computing has accelerated in implementation, becoming a key part of IT and business strategy. In the near future, cloud computing will continue to enable the integration of emerging technologies and shape new business models as a strategic advantage.
As the industry matures, there has been a rapid expansion in service offerings. The large cloud service providers (CSPs) that entered the market with SaaS offerings, e.g., Salesforce.com, are integrating backwards into PaaS, with Salesforce.com’s PaaS offering. Likewise, Amazon Web Services (AWS), which started off largely as an IaaS provider, now offers not only PaaS but also SaaS solutions. From a risk perspective, there is some gradient across the different service models, but the deployment model is where the risks vary widely. However, while cloud computing provides many benefits, at the same time, it introduces major risks on several crucial fronts that need to be governed and managed by user organizations. Well-managed organizations must understand and mitigate these risks to better leverage their cloud computing initiatives. Five major risks are:
Why companies look up to the cloud Organizations can realize significant benefits by leveraging cloud computing in their technology and business processes, namely, scalability, flexibility, and lower capital investment. There are many small and medium enterprises that have been using the cloud exclusively and have no on-premises servers and related assets. Interestingly, one of the first large companies to shut down its last data center was Netflix in 2015.
However, organizations need to be careful. Much like a failed investment or a poor business decision, not knowing or miscalculating the far-reaching implications of such disruptive technology can leave organizations irrelevant and struggling to keep up. In the last few years, the popular notion was that public cloud is inherently risky, and risk management for cloud computing is primarily the responsibility of CSPs. However, with CSPs increasing their focus on risk management in the last few years, they have thrived.
According to a Cloud Security Alliance survey, The Cloud Balancing Act for IT: Between Promise and Peril, about 65 percent of IT leaders surveyed think that the cloud is as secure or more secure than on-premises software. This fact is also reinforced by industry surveys, including KPMG’s 2015 – 2016 Higher Education Industry Outlook survey, where a majority of higher education administrators are comfortable using the cloud and data protection assurance provided by CSPs. In fact, one of the greatest barriers to adoption has become the lack of clear understanding of the shared-responsibility model under cloud computing.
According to the same survey from Cloud Security Alliance, the top barrier to stopping data loss in the cloud is a lack of skilled security professionals. It is relatively easy for untrained public cloud users to expose their organization to significant direct risks such as financial loss or indirect risks such as loss of reputation. That is why each organization must understand and mitigate the risks associated with cloud computing.