Risks of Cloud Computing Governance - dummies

By Judith Hurwitz, Robin Bloor, Marcia Kaufman, Fern Halper

IT governance is tightly woven with business goals and policies to ensure that services are optimized for customer expectations. Because of that link, it is important to look at cloud computing governance from a holistic business perspective.

Each industry has a set of governance principles based on its regulatory and competitive environment and its view of risk. There are different levels of risk. In financial services, certain data practices need to be followed. In software development, there are risks associated with getting the product out in the market on time. The healthcare industry has patient privacy concerns.

Deducing IT risk in cloud computing governance

In the heterogeneous IT environment, IT needs to juggle various tasks: meeting customer expectations, optimizing business goals, recognizing resource constraints, and adhering to rules and requirements. The cloud can further complicate this juggling act because it is yet another resource that IT is responsible for. This means that the governing body is responsible for overseeing the provider relationship.

Of course, the level of involvement and risk around governance might vary with how your organization is using the cloud. For example, the cloud can be used in the following ways, each of which you must evaluate separately to determine the level of governance that your company feels comfortable with:

  • For temporary computing power

  • As a SaaS model

  • As a platform to build a service

Cloud computing risk list

Consider these risks as you move into the cloud:

  • Audit and compliance risks, including issues around data jurisdiction, data access control, and maintaining an audit trail.

  • Security risks, including data integrity, data confidentiality, and privacy.

  • Information risks (outside of security), including protection of intellectual property.

  • Performance and availability risks, including availability and performance levels that your business requires to successfully operate.

  • Interoperability risks, which are associated with developing a service that might be composed of multiple services.

  • Contract risks associated with not reading between the lines of your contract.

  • Billing risks associated with ensuring that you’re billed correctly and only for the resources you consume.

If you move into the cloud, you need to trust the cloud provider and every other provider that the cloud provider is working with. Currently, there are no professional standards or laws related to cloud computing.

Managing risk can’t be emphasized enough; unlike internal IT governance where all parties work for the same legal entity, the cloud relationship is with an external provider and governance agreements need to be contractually stated.