Cloud computing and the management of corporate risks
Although the use of cloud computing solutions is on the increase in the IT systems of companies and authorities, at times the clear advantages for the client means that not enough attention is paid to the assessment of the corporate risks involved in cloud computing.
The advantages of the use of these solutions include the ability of the organization to avail itself of IT systems which have sufficient capacity without having to invest heavily in servers, software licenses and updates, start-up projects and maintenance services, among others. Cloud computing follows a pay-per use system according to the volume requested, so the customer only pays for the resources that it actually uses.
The potential risks and concerns that the cloud computing model raises include problems with the availability of the server (interruptions), insufficient security levels and privacy of the data and applications, and also problems with integration of the technology or excessive dependence on the provider. Clients’ exposure to these risks will hinge not only on the service model used (e.g., infrastructure as a service, platform as a service, software as a service) and the implementation model used (public, private, community or hybrid cloud), but also on the solution adopted and the provider that provides the service.
In order to make the most of the advantages offered and neutralize risks, the corporate client should (1) design a corporate policy with the conditions that should be applied when it acquires cloud solutions, (2) carry out a thorough prior assessment of the risks associated with the specific project and establish the necessary measures to mitigate their impact; (3) choose the solution and provider carefully, and (4) negotiate the inclusion of clauses in the contract with the provider that help to offset the risks.