D.

Risks and Controls

The role of cloud computing is to use of the resources such as servers, storage, networking,

and software over the Internet. Cloud computing is like a necessity nowadays due to the fact

that technology has a great impact on business nowadays is evident since in the future

everyone will be relying on cloud computing to perform the business or non-business related

tasks. Although cloud computing provides many benefits, it is also important to consider the

accompanying risk of it since it cannot be prevented.  It is important to consider the risks

associated with cloud adoption specific to their missions, systems, and data such as:

Data security

Although cloud service providers implement the best security standards to store important

information. It can be associated with loss, leakage, or unavailability of data. The data security

becomes particularly serious in the cloud computing environment because data are scattered in

different machines and storage devices that can cause a loss in revenue, business interruption,

loss of reputation, or regulatory incompliance. By securing these systems it involves the efforts

of cloud providers and the usage of clients whether it is an individual, small to medium business,

or enterprise.

To control the risk, the provider must assure its users that appropriate measures are in place.

There are variety of controls related to the basics of data center security, such as establishing

physical security perimeters and establishing policies and procedures related to physical

security within the data center. It also includes sanitizing stored data, a goal that many

enterprises achieve by encrypting stored data and protecting the secret key from discovery. IT

managers should know the physical security policies and ensure that unauthorized parties

cannot physically access the organization’s resources by storing in secure locations and have a

back up to protect against threats

Vendor Lock-in

Organizations may face problems when transferring their services from one vendor to another

since it involves moving data to a totally different type of environment and may involve

reformatting the data. Hosting and running the applications of the current cloud platform on

some other platform may cause support issues, configuration complexities, and additional

expenses. The data might also be left vulnerable to security attacks due to compromises that

might have been made during migrations. Vendor lock-in is usually the result of proprietary

technologies that are incompatible with those of competitors. However, it can also be caused by

inefficient processes or contract constraints, among other things.  

The companies should evaluate the cloud services carefully and research a cloud vendor by

having a proof-of-concept deployment before they make a commitment to it in order to make

sure that the service is sufficient enough. Having a backup of all the data can help the business

stay ready to store the data in other cloud service and ensuring that the data can be moved

easily by keeping data in formats that are usable across a variety of platforms.

Technology risk

As technology improves, and protection systems evolve, cyber-criminals have also come up

with new techniques to deliver malware targets. Since there are many organizations are putting

so much sensitive data into cloud environments, they have inevitably become targets for

malicious attackers. Identity theft is one thing that can make the client worried about, and it

became more sensitive when Cloud Computing implementation encounters the security

problems that could lead to costly rearchitected efforts for adoption or integration with new

technology.
Legal Risk

Organizations must also be aware of any regulatory or compliance considerations associated

with sharing their data. Even as key processes and data storage are outsourced, companies still

bear the full responsibility to comply with applicable laws and regulations including protecting

their customer’s sensitive data. If a company outsources the processing or storage of data that it

is required to protect, then it is relying on a cloud service provider to maintain their compliance.

It does not have adequate legal protections, then it may be liable when there is a data breach at

the cloud service that exposes the company’s data. Many organizations find it difficult or even

impossible to achieve compliance while using cloud architecture. IT leaders should thoroughly

research any applicable regulations before planning a cloud migration.

  To mitigate this risk, companies should always use authentication systems for all the sensitive

data in the firm. Even tech giants like Facebook have been victims of resource exploitation due

to user error or misconfigurations. Keeping employees informed about the dangers and risks of

data sharing is of at most importance. A majority of companies have already established privacy

and compliance policies to protect their assets. In addition to these rules, they should also

create a framework of governance that establishes authority and a chain of responsibility in the

organization.A well-defined set of policies clearly describes the responsibilities and roles of each

employee. It should also define how they interact and pass information.

Organizations should have established privacy and compliance policies to protect their assets.

They should also create a framework of governance that establishes authority and a chain of

responsibility in the organization.

Financial Risk
Financial risk can be associated with overspending and loss of revenue. Organizations may

have underestimated the cost of running up the cloud and requirements from the business.

If cloud environments are down for hours or days, this could adversely impact a business’ ability

to perform analytics or reporting and thus may affect revenue opportunities.

To offset possible lost revenues, most cloud providers will sign up for availability SLAs and

associated penalties (usually redeemable as service credits).

Companies accused of data breach also typically provide consumer credit monitoring services for up to
one year. According to

According to the North Bridge and Wikibon’s Future of Cloud Computing Survey in December

2015, the cost of cloud services is three times as likely to be a concern today versus five years

ago.

Operational Risk

Operational risk can be associated with execution of IT services and tasks that the business

relies on. Migrating to the cloud introduce complexity into IT operations. Key management and

encryption services become more complex in the cloud. Cloud service providers typically offer

different services, techniques, and tools available to log and monitor cloud services which

further increasing complexity. Hybrid cloud implementations may also face emergent

threats/risks as a result of technology, policies, and implementation methods, all of which add

complexity. As a result of the increased complexity, there is a greater risk of security gaps in

cloud and on-premises implementations.

Organizations must tailor and modify their old risk frameworks to meet their cloud strategy.

Cloud service provider must also perform proper due diligence to determine if they have the

capabilities to meet the organization’s cloud vision and for the organization to understand the

potential risks associated with the provider. With the move to the cloud, a new approach known

as DevOps has emerged, in which development and operations responsibilities are merged.

This virtually removes the lengthy queue and development times to create more efficient

integration and deployment experiences. 

https://www.linkedin.com/pulse/cloud-computing-what-does-mean-operational-risk-the-institute
REFERENCE:
https://www.compuquip.com/blog/cloud-security-challenges-and-risks
https://www.nutanix.com/theforecastbynutanix/technology/four-biggest-risks-of-cloud-
computing-and-how-to-mitigate-them
https://webobjects.cdw.com/webobjects/media/pdf/Solutions/Cloud-Computing/151383-
Mitigating-Risk-in-the-Cloud.pdf?fbclid=IwAR28xglMVEp-Fp00ng40lpVQlgMD2-YQpK-
bq8FZxRyndezmcImT0oer1a4