The benefits of doing business on the cloud are compelling — enough that Dell Inc. can justify spending $67 billion to acquire cloud behemoth EMC Corporation in the largest acquisition ever between technology firms. Cloud computing allows you to access software applications and store data on a computer network, replacing the hardware and software many businesses maintain onsite with a virtual system that can be accessed from any network device (desktop, laptop, smartphone, etc.). The benefits of reduced costs, increased storage, and improved agility and flexibility drive more businesses to the cloud every day.
But there are risks, too, and they can be difficult to identify and calculate. Risks in the cloud include data security, service reliability and software capabilities. Taking the following steps can help you manage the risks associated with the cloud.
Manage the risks, reap the rewards
Choose a private cloud rather than a public cloud. Public clouds cost less, but you share a cloud computing environment with other clients or tenants. With a private cloud, the hardware, storage and network are dedicated to your company. Those elements can be designed to ensure high levels of security so that your information cannot be accessed by other clients using the same data center. A private cloud can be configured to achieve compliance with regulatory measures such as the Payment Card Industry (PCI) data security standards, Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA); a public cloud cannot.
Understand which security and compliance responsibilities you retain in-house and which fall to your cloud provider. Essentially, your cloud provider is an extension of your IT department.
Ensure your contract contains a "right to audit" clause that gives your organization the right to have an external auditor verify that your cloud provider is in compliance with the specifications you have provided.
Find out what happens to your data if you and your cloud provider part ways. Does the vendor delete it? Is it deleted securely? What happens if the vendor is acquired or goes out of business?
Learn about service reliability. Investigate the reputation and background of the provider, including how long they've been in business. Ask what steps they take to ensure they won't lose Internet connectivity or suffer power outages. Find out about their disaster recovery plan. If having continual access to your data is essential and any interruption would cause significant harm, consider using redundant systems with different service providers in different locations.
Ask about the provider's policies for updating software and fixing bugs. You could be caught unprepared when a software update occurs suddenly. A single application change can create integration problems with other programs, potentially leading to major disruptions among the most critical business applications. Automation software for business process validation can help ensure that updated applications integrate correctly with others.
Weigh your decision
When deciding to do business on the cloud, it's important to carefully navigate the maze of risk and reward. Many — but not all — businesses will find that ultimately, the rewards outweigh the risks, as long as you exercise due diligence when selecting the provider and negotiate a service agreement that adequately addresses the risks you face.
For more technology related articles, visit California Bank & Trust's Resource Center.[cite::171::cite] [cite::172::cite]