Cloud adoption continues to accelerate due to its ability to enhance business agility, improve financial flexibility and differentiate businesses from their competitors. Yet like any disruptive technology, cloud use also introduces risk that is significant enough to warrant board attention. My recent Journal article discusses 3 critical controls business leaders should deploy to maximize cloud benefits while minimizing business risk:
Aligning cloud programs with strategy—Cloud initiatives aligned with enterprise goals have the potential to accelerate business innovation and uplift customer experiences. To achieve this potential, leaders should start by identifying business challenges and then build cloud solutions to address those needs. Equally important, the board should also approve the migration of high-value applications to public cloud, ensuring that the business is not exposed to risk outside its appetite.
Protecting high-value information—Hardly a week goes by without a major data breach making news headlines. Enterprises are struggling to keep up with relentless and well-resourced cybercriminals. The cloud further complicates this challenge through a number of factors, especially multi-tenancy, unknown cloud risk profiles and shared responsibilities. Furthermore, the sheer size of cloud service providers (CSPs) makes them attractive targets for cybercriminals. The following critical controls can help businesses minimize this ever-increasing threat when adopting cloud:
- Classify information based on business risk, and deploy more resources to protect your “crown jewels.”
- Use private cloud to boost business agility while eliminating multitenancy and shared responsibility concerns.
- Encrypt high-value information hosted in the cloud to maintain confidentiality and privacy.
- Protect high-impact user accounts to minimize inadvertent or malicious breaches.
Minimizing reliance on CSPs—Well architected cloud environments can boost operational stability, as providers offer improved resilience through clustering, replication and high availability. But business leaders should never be complacent. Cloud outages still occur and, due to the dynamic nature of the cloud, their impacts can be substantial. In Australia, this risk was recently brought into sharp focus when Amazon Web Services suffered a significant outage when a major storm swept through New South Wales. To minimize the damage caused by these rare, but high-impact events, business leaders should ask a number of critical questions, including:
- How fast can we migrate critical applications to an alternate provide (cloud or non-cloud) should the provider go under or experience a sustained outage?
- Do we regularly test all plausible cloud disruption scenarios against business-defined recovery time objectives?
Cloud programs managed from the top can catalyze business innovation, promote collaboration and drive business growth.
Read Phil Zongo’s recent Journal article:
“Managing Cloud Risk: Top Considerations for Business Leaders,” ISACA Journal, volume 4, 2016.