Although many vendors are willing to present cloud computing as the perfect solution to all problems (real and imagined), as with all new service delivery mechanisms, it comes along with potential risks that need to be mitigated. If you are evaluating cloud computing for use in your organization, here are some of the most common risks that people fail to identify, assess or mitigate.
Risk #1 – Poor Disaster Recovery
That this is a risk will come as a shock to many people, because the cloud is often touted as the place to get automatic uptime, automatic backups, automatic fail-over and automatic disaster recovery.
The truth is that while cloud computing technologies can provide high availability, high scalability and seamless recoverability, those features are not automatically present in every cloud solution – particularly not the low-end solutions. In other words, don’t be surprised that your $50/month solution does not automatically fail-over your application to some other data center in the event of a major problem. Good disaster recovery (DR) needs to be planned. First, ensure that your cloud provider actually offers DR services and backup services, and then work with them to create a solution for your organization that will address those types of outages that concern you the most.
Risk #2 – Losing Control of Your Data
Studies have shown that most organizations don’t actually know all the places where their business critical data resides. While there are a number of problems that this can lead to, we’ll focus briefly on the potential legal ramifications. Before you place your data in the cloud, make sure you stipulate with the vendor, and obtain in writing, the details of what jurisdiction(s) your data will reside in. You and your organization may not want to have your data inadvertently subject to another nation’s search and seizure laws.
Another, even more common aspect of this risk, especially for Software as a Service (SaaS), is that once you upload your data into a cloud-based CRM, ERP, project management or other type solution, it may not be easy to export the data into a format that is useful elsewhere. Should that cloud vendor go out of business, or move into a direction that you do not appreciate, you’d need to be able to run your business elsewhere, with data that has been generated or modified by their system.
Be sure to look for vendors that allow for industry standard exports into XML, CSV, XLS, various database formats, or other structured formats, and make such exports a part of your weekly/monthly processes.
Risk #3 – Poor Security Practices
Security is one of the biggest concerns that you will hear in relation to cloud computing, but the truth is that putting your data into the cloud does not automatically make it less safe than hosting it internally, nor does it make is automatically more safe. As long as your site can be reached on the internet, there are any number of ways to attack it and attempt to compromise it.
Security is a function of people, processes and technology. Although most of the emphasis tends to be on technology, the real weaknesses are people and procedures. In order to have a secure cloud solution, an organization needs to ensure that it has security-minded people, secure infrastructure, secure applications, and security-focused partners. Depending on the type of cloud services being sought, the burden for facilitating a security environment may fall more on the side of the service provider, or more on the side of the customer, but at the end of the day, it is the customer who is ultimately responsible for the security of the data that is stored.
Organizations need to ensure that their vendors are providing them tools to support security, and that they are making use of those tools to ensure a high level of security. Most breaches don’t occur because of a lack of tools or technology, but because of a failure to implement the tools and technology and procedures available for a safer computing experience.
In order to get the maximum value from their cloud computing experiences, organizations need to pay close attention to these commonly overlooked areas, and ensure that they have an effective strategy in place to mitigate these risks.
Andrew S. Baker is a hands-on architect of advanced technology solutions that increase corporate agility, mitigate business risk, reduce operating costs, and facilitate business growth for organizations in the SMB market. Mr. Baker has served for over 15 years as a trusted technology advisor to small and mid-sized organizations across many verticals, specializing in the areas of technology infrastructure, information security and cloud computing.