Cloud: A risk/reward proposition

Share this article:
Cloud: A risk/reward proposition
Cloud: A risk/reward proposition
Is going to the cloud worth it? Even with today's tough economic conditions, many IT and business executives wonder whether the cost, flexibility and efficiency advantages of migrating to the cloud are worth the risks.

A recent report by ISACA, an IT governance association, found that 41 percent of U.S. professionals believe the risks of cloud computing outweigh the benefits. The United States is not alone. Canada came in at 42 percent on the same question, and the U.K. at 47 percent. The most frequently cited concerns focused on security, privacy and lack of control over data and compliance issues.

Still, the benefits are pretty impressive. The cloud provides enterprises with the elasticity and flexibility to access IT services they need during peak periods, without investing heavily in hardware that is only needed sporadically or seasonally. As quicker and more effective and efficient applications arrive in the enterprise, cloud providers are often better equipped to handle that transition. Providers also can achieve better economies of scale across their customer base, while keeping pace with the latest technology innovations.

Yet, the cloud has its dark side. In today's environment of hacker attacks, phishing expeditions and downright nasty malware, risk management is at the forefront of any enterprise cloud computing implementation. The idea of an enterprise's data being outside of its complete control may be a difficult concept for decision-makers to overcome.

That's why smart companies assess what level of risk is acceptable to their businesses, and then determine which cloud approach is best – public, private or hybrid.

For some companies, a public cloud strategy may be the best idea, enabling them to get out of the IT bits and bytes business altogether and have a third-party vendor handle all of their infrastructure needs. Other companies, concerned with regulatory issues – such as Sarbanes-Oxley and HIPAA in the United States and the Data Protection Act in Canada – may opt for a private cloud approach.

However, many may prefer a hybrid course. This places fewer mission-critical applications in a public cloud, as those that offer a competitive advantage or require higher security needs can be placed in a private cloud environment – all with a common “cloud management umbrella” so the customer has greater visibility and monitoring capabilities. It may also include keeping some legacy applications running where they are.

Companies also must address the unique needs of their data-centric security models. As part of defining optimal workload placement, they must examine the individual elements that comprise information within the enterprise. Doing so enables them to address the key security, visibility and compliance issues an enterprise should consider during cloud migration. It is also critical to classify the types of data that should be placed in the cloud, as well as how to structure the assets' lifecycle management process to maximize the benefits of the cloud.

The cloud is not going away – even with the concerns about security, visibility and compliance. The ISACA survey found the percentage of respondents whose organizations now use the cloud has spiked from 16 percent in 2010 to 26 percent in 2011.The trend to increase use of some form of a cloud delivery model is expected to accelerate into 2012 and beyond.

Cloud computing obviously will continue to grow as enterprises look to gain cost, flexibility and efficiency advantages. The companies which are best able to balance the risks with the benefits are the ones which will be able to leverage their IT resources as a competitive advantage in today's downtrodden economy.


Siobhan Byron is president of Forsythe Technology Canada, an IT infrastructure integrator.

This article originally appeared in the October edition of SC Magazine.

Share this article:
close

Next Article in Opinions

Sign up to our newsletters

More in Opinions

Hackers only need to get it right once, we need to get it right every time

Hackers only need to get it right once, ...

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Successful strategies for continuous response

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.

When it comes to cyber attacks, predictions are pointless but preparation is key

When it comes to cyber attacks, predictions are ...

Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.