Cloud Computing and Enterprise Risk Management 

May, 2013 -

Although we observed a increasingly widespread use of computer-based solutions in the cloud ( cloud computing ) in the information systems of companies and administrations, sometimes the obvious advantages it brings to the customer do not pay the necessary attention to the assessment of corporate risks that can generate its adoption.

Among the advantages, the use of these solutions allows the organization to have some information systems with sufficient capacity without having to pay big investments in servers, software licenses and updates, projects implementation and maintenance services, among others. Computer resources are consumed in the volume requested by the client (on demand), measuring the consumption for that billing consumed fits what (pay per use).

As potential risks and concerns raised by the model cloud , can be cited possible service availability problems (interruptions), insufficient levels of security and privacy of data and applications and technology integration problems or excessive dependence on the provider. Customer exposure to these risks will depend not only on the type of service (Infrastructure as a Service, Platform as a Service, Software as a Service, etc.) and the implementation model ( cloud public, private, community, or hybrid), but also the solution adopted and providing service provider.

To take advantage and neutralize or minimize risks, the corporate customer should (1) design a corporate policy with the conditions to be applied to hiring solutions cloud , (2) conduct a preliminary assessment of the risks associated strictly to the particular project and set steps to mitigate, (3) carefully selecting the solution and the provider , and (4) negotiating the inclusion in the contract clauses provider that will help mitigate the risks .



WSG Member: Please login to add your comment.