The Risks of Cloud Computing

As we emerge from the economic downturn, more and more companies are considering “cloud computing” solutions as a way to keep information technology costs in control.  However, some companies are fearful of the unknown aspects of managing information within the cloud.  These fears may be justified, but they can certainly be alleviated by conducting a thorough risk assessment and vendor due diligence exercise prior to venturing into the cloud.

It all starts with what the company is looking to achieve through cloud computing and whether the investment is worth the risk.  For example, will the application hosted in the cloud be customer facing and subject to strict regulatory standards?  If so, then the risk assessment should include the probability and impact of events such as a data breach or unplanned downtime.

Once the risk assessment has been completed and the investment decision has been made, then a comprehensive due diligence exercise should be conducted.  Some vendors may suggest simply relying on their SAS 70 report from their external auditing firm rather than performing a due diligence exercise.  While SAS 70 reports are useful, they are not specific to the relationship between the two companies.  It is imperative that the following areas are examined in relation to a company’s current information security policies and overall operating expectations.

  1. Organizational and Human Resource Security
  2. Access Control
  3. Asset Management
  4. Physical and Environmental Security
  5. Operations and Change Management
  6. Disaster Recovery and Business Continuity
  7. Privacy
  8. Regulatory Compliance

Like any other partnership or outsourcing agreement, the time to address potential risks and issues with cloud computing is at the very beginning of the relationship.  By doing so, both the company and the vendor will benefit from the opportunity to understand each other’s expectations.  It will also serve as the foundation for a successful cloud computing solution.

If your company would like to learn more about performing a cloud computing risk assessment and due diligence exercise, email us at


About Wheelhouse Advisors
Wheelhouse Advisors LLC is the publisher of The ERM Current™, an online publication and blog dedicated to providing the latest updates on current trends in Enterprise Risk Management & Control. Wheelhouse Advisors provides cost-effective Enterprise Risk Management & Control solutions to both large and mid-size corporations. To learn more about Wheelhouse Advisors, please visit our web site at

One Response to The Risks of Cloud Computing

  1. Janice Taylor-Gaines says:

    Great article highlighting the need for everyone to have a much higher computer/data security awareness. Everyone needs to be a mini-Security Officer today. Check a (free) blog, “The Business-Technology Weave” (can Google to it) – it reflects what this article is saying. The majority of breaches are due to human error, therefore awareness and common sense are key, in supporting all necessary best practices. The blog author also has a book we use at work, “I.T. WARS” (you can Google that too). It has a great Security chapter, and others that treat security. Keep security front and center – a pet concern of mine! Highly recommended. Great stuff.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: