Your SlideShare is downloading. ×
  • Like

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Mitigating Common Cloud Risks


In this Focus Whitepaper, Andrew S. Baker discusses some of the most common risks that people fail to identify, assess, or mitigate.

In this Focus Whitepaper, Andrew S. Baker discusses some of the most common risks that people fail to identify, assess, or mitigate.

Published in Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Mitigating Common Cloud Risks Focus Research ©2012 All Rights Reserved
  • 2. Mitigating Common Cloud RisksAlthough many vendors are willing to present cloud computing as the perfect solution to all problems (realand imagined), as with all new service delivery mechanisms, it comes along with potential risks that needto be mitigated. If you are evaluating cloud computing for use in your organization, here are some of themost common risks that people fail to identify, assess or mitigate.Risk #1 – Poor Disaster RecoveryThat this is a risk will come as a shock to many people, because the cloud is often touted as the place toget automatic uptime, automatic backups, automatic fail-over and automatic disaster recovery.The truth is that while cloud computing technologies can provide high availability, high scalability andseamless recoverability, those features are not automatically present in every cloud solution – particularlynot the low-end solutions. In other words, don’t be surprised that your $50/month solution does notautomatically fail-over your application to some other data center in the event of a major problem. Gooddisaster recovery (DR) needs to be planned. First, ensure that your cloud provider actually offers DRservices and backup services, and then work with them to create a solution for your organization that willaddress those types of outages that concern you the most.Risk #2 – Losing Control of Your DataStudies have shown that most organizations don’t actually know all the places where their businesscritical data resides. While there are a number of problems that this can lead to, we’ll focus briefly onthe potential legal ramifications. Before you place your data in the cloud, make sure you stipulate withthe vendor, and obtain in writing, the details of what jurisdiction(s) your data will reside in. You and yourorganization may not want to have your data inadvertently subject to another nation’s search and seizurelaws.Another, even more common aspect of this risk, especially for Software as a Service (SaaS), is that onceyou upload your data into a cloud-based CRM, ERP, project management or other type solution, it maynot be easy to export the data into a format that is useful elsewhere. Should that cloud vendor go out ofbusiness, or move into a direction that you do not appreciate, you’d need to be able to run your businesselsewhere, with data that has been generated or modified by their system.Mitigating Common Cloud Risks Focus Research ©2012 2
  • 3. Be sure to look for vendors that allow for industry standard exports into XML, CSV, XLS, various databaseformats, or other structured formats, and make such exports a part of your weekly/monthly processes.Risk #3 – Poor Security PracticesSecurity is one of the biggest concerns that you will hear in relation to cloud computing, but the truth isthat putting your data into the cloud does not automatically make it less safe than hosting it internally, nordoes it make is automatically more safe. As long as your site can be reached on the internet, there are anynumber of ways to attack it and attempt to compromise it.Security is a function of people, processes and technology. Although most of the emphasis tends tobe on technology, the real weaknesses are people and procedures. In order to have a secure cloudsolution, an organization needs to ensure that it has security-minded people, secure infrastructure, secureapplications, and security-focused partners. Depending on the type of cloud services being sought, theburden for facilitating a security environment may fall more on the side of the service provider, or more onthe side of the customer, but at the end of the day, it is the customer who is ultimately responsible for thesecurity of the data that is stored.Organizations need to ensure that their vendors are providing them tools to support security, and that theyare making use of those tools to ensure a high level of security. Most breaches don’t occur because of alack of tools or technology, but because of a failure to implement the tools and technology and proceduresavailable for a safer computing experience.In order to get the maximum value from their cloud computing experiences, organizations need to payclose attention to these commonly overlooked areas, and ensure that they have an effective strategy inplace to mitigate these risks. Andrew S. Baker is a hands-on architect of advanced technology solutions that increase corporate agility, mitigate business risk, reduce operating costs, and facilitate business growth for organizations in the SMB market. Mr. Baker has served for over 15 years as a trusted technology advisor to small and mid-sized organizations across many verticals, specializing in the areas of technology infrastructure, information security and cloud computing.Mitigating Common Cloud Risks Focus Research ©2012 3