Cloud computing is driving digital transformation across the public and private sectors. Enterprises far and wide have integrated cloud computing solutions to maintain a competitive edge, while others are just getting started to keep up with the pace of change. To put this into perspective, figures from a study by Gartner estimate the worldwide public cloud services market will grow by 17.33 percent to total $206.2 billion, up from $175.8 billion in 2018. Interesting to note is that, the research and advisory firm believes the fastest growing segment of the market will be the Infrastructure-as-a-Service (IaaS), projected to grow by 27.6% in 2019 to reach $39.5 billion, up from $31 billion in 2018.
Another study by IDC projects the total spending on IT infrastructure products (think server, enterprise storage, and Ethernet switches) for deployment in cloud environments will experience a 10.9 percent year-over-year growth rate. In fact, in the long-term, IDC believes spending on off-premises cloud IT infrastructure will grow at a five-year compound annual growth rate (CAGR) of 10.8% .
It’s clear from the statistics above that cloud computing is growing at a rapid rate as it presents organizations with numerous benefits; among them lower cost, faster time to market, and increased employee productivity. However, the risks of cloud computing is a key concern for enterprises when it comes to cloud adoption.
Through this article we aim to assess some of the risks of cloud computing and also discuss some of the ways organizations are exposing themselves to these risks.
1. Security and Regulatory Risk
According to numbers from the Cloud Security Alliance survey The Cloud Balancing Act for IT: Between Promise and Peril, a majority of companies (67.8%) say the primary challenge to moving system of record to the cloud was the ability to enforce their corporate security policies. Besides cyber-attacks, most of these companies (61.2%) also note compliance with regulations as a major hurdle to cloud adoption.
Organizations associate data security and regulatory cloud computing risk with leakage, loss or unavailability of data. This can result in business interruption, loss of revenue, loss of reputation, or regulatory non-compliance.
2. Ever-Changing Technological Features
The proliferation of new technological features (think new security & control features, IoT, blockchain, etc.) and lack of standardization in how they interoperate means that enterprises are faced with technology risk when it comes to cloud computing adoption. As a result, this could lead to expensive re-architecture efforts for adoption or integration with new technology.
For instance, the technology risks of cloud computing in regards to a public cloud, means that enterprises will have to re-architect their cloud applications constantly thanks to ever-changing technological features. This can sometime be a challenge especially where an enterprise’s cloud architecture was defined before advanced security and control features were introduced, and the organization had not updated its cloud architecture to take advantage of these new features offered by the vendor.
3. Shadow IT
Many organizations are recognizing the advantages of “bring your own cloud (BYOC)” and this has led to the dramatic rise of new applications in the workplace that help employees be more productive. In other words, this is termed as “shadow IT”.
Employees use these apps to help them be better at their roles but it can prove risky especially if employees store corporate data in these unsecured apps. Data from a report by the Ponemon Institute titled- The Insider Threat of Bring Your Own Cloud (BYOC), shows that a majority of IT and security leaders don’t have any idea how serious the problem of BYOC is within their own organizations. They don’t have a clue about what applications and cloud computing services employees are using, and, what’s more startling is that they don’t know what information is exposed, where it is going, and with whom it is being shared.
Some of the risks of cloud computing that can arise from “Shadow IT” include: contractual breaches with clients or business partners, malware infections that can unleash a targeted attack, loss of intellectual property, reduced customer trust which can lead to increased customer churn, revenue losses, among others.
How to Combat the Risks of Cloud Computing
There is no denying that cloud computing is the number one technology that is revolutionizing consumer markets and enterprises largely due to its widespread usage and ubiquity. The challenges of managing various critical cloud computing assets, including finding enough cloud computing talent, has resulted to the mercurial rise of cloud computing services: everything from infrastructure-as-a-service (IaaS) to platform-as-a-service (PaaS), to fully-managed software-as-a-service, the important applications used by companies.
Despite this growth in cloud adoption, organizations need to understand and accept the risks of cloud computing. They need to have a solid plan in place to prevent some of these risks of cloud computing. The plan should ensure that:
- They have someone who is responsible for cloud computing strategy, and that it is aligned with the business strategy.
- Security and cloud computing risk professionals are involved in cloud governance.
- Cloud management processes are well designed in a way that enterprise users can follow them, that is, they should be simple and repeatable.
- Organizations are aware of the various tools, techniques, and other automation resources available to harness the full power of cloud computing.
- Organizations understand the data protection requirements of their stakeholders (think clients, regulators, etc.)
- Organizations understand the third parties that host their data, and make sure they are protecting it in accordance with their data protection requirements.
- Internal audit and risk management departments are prepared to lead the organization on the cloud computing journey.