One of the key points outlined in the summary of findings section was the significant underlying concern there is about the security of, and accountability for, the data and information held in/passing through IT systems. The summary leads on to say – “With that in mind service providers have work to do in convincing many Socitm members that their personal and corporate business risks are not increased by using Cloud services by a degree that outweighs any benefits the solutions offer to personal and corporate interests in other respects”.
In our view as Cloud service technology matures some risks will diminish however if a member organisation does the foundational work correctly then a risk assessment leading to the establishment of appropriate IT Policies will help shape the type of Cloud service it procures plus address governance and security risk mitigations, who has access to your data and the level of protections applied to it. These security considerations should then be defined in a service level agreement.
The key areas of risk to consider can be headlined under the following –
- Maintaining business availability, functionality and continuity. Data protection from unauthorised access by third parties.
- Data protection from unauthorised access by customers of the same service provider.
Once a comprehensive set of IT Policies has been established an organisation has taken the first step in a security lifecycle which drives improvement in operational procedures and governance. This also helps to ensure that the security controls put in place with a service provider don’t loosen over time, through periodic audit and monitoring components of the cycle.
The service provider will need to convince members that personal and corporate business risks are not increased. This is a necessary step in the decision process, however you may also never get to realise the full potential of a Cloud computing service unless the appropriate IT Policies are set to protect your organisation.
To obtain our Cloud Service Risk Check List click here.