Solving Cloud Headaches: Addressing the Risk Factor

RISK.

It’s a great catch-all word that encompasses a lot of challenges – and nowhere more so than when you are contemplating your cloud strategy.  There’s no doubt that cloud computing solves a lot of problems that organisations face.  But the benefits are lost if the design, implementation and management cause more issues than they address.

A thorough understanding of cloud and it’s risk concerns – both related directly to security but also to the general risks of any major IT project – is essential before embarking on the cloud journey.  This should form a key part of the initial strategy discussions.

Here are some of the considerations that come to mind for an organisation building or reviewing their cloud strategy. 

Can you build a solution that reduces the risk of errors and is easy to manage?

There is a well documented knowledge gap around cloud skills – and especially security skills – within the industry.  Companies either need to hire expensive resources that specialise in each different area that cloud encompasses – or they need to find away to turn their IT generalists into cloud specialists who understand security, networking, storage and infrastructure.

Do you have a set of processes and procedures that are well documented?

Cloud computing by definition means a shared infrastructure.  Planning and design of how shared resources will cooperate is essential. As is the way in which a breach of one of these resources will affect the rest of the environment.  Making sure everyone is on the same page is critical to the success of your cloud strategy. Clear and well-documented procedures will make it much easier to manage the environment, maintain consistency, keep expert knowledge in-house and build redundancy into your organisation’s skill-set.

Is your design secure and robust?

Cloud security is likely a minefield for most organisations.  There are certainly similar risks to a cloud environment as there is to a traditional environment – but the ways in which these risks are handled are vastly different.  Account hijacking, phishing, malicious and careless staff, Denial of Service Attacks, lack of patching… these are all still relevant, but need to be addressed in a way that recognises the greater connectivity and complexity that can exist in a cloud environment.

Will your data and your customer data be secure?

The introduction of stricter controls around data protection puts greater emphasis on securing organisational data, particularly that which pertains to people. Implementation of Single Sign-on, end-to-end encryption and stringent policies for data access and sharing, should form part of the cloud strategy.

There are obviously many benefits in migrating to the cloud.  Whether you are just beginning, or reviewing your current cloud environment, you need to go in with your eyes wide open.  Ensuring you have the right knowledge will help you to take measures to minimise risks proactively, before it becomes a costly lesson.