Data in the cloud – undoubted benefits but what about the risks?
Cloud computing has revolutionised the way in which IT products and services are being provided to customers, moving users away from the traditional software licensing models and premises-based data centres to ‘pay-as-you-go’ or utility-based pricing. The implementation of cloud computing technologies has seen real benefits being achieved by customers including:
Reduced capital spend cost – less capex spend is required as less IT infrastructure, software and licenses are being purchased directly.
Reduced IT overcapacity – many organisations have underutilised IT assets.
Increased capability – organisations are able to use services which they may not have been able to afford before or the capability to deliver.
Access newer technologies – cloud computing providers can be expected to maintain their services on the latest platforms, provide the latest features and functions and install the latest patches etc.
Provides utility-based charging – usage is charged for and non-usage is not.
While adopting cloud technologies has undoubted benefits, we are finding that many organisations are not adequately considering the risks resulting in moving to a cloud solution or considering the available service levels of alternative providers.
To lessen these concerns the following are some questions and considerations to discuss with cloud providers:
Where does the data reside? Which legal jurisdiction applies to the data? Who has access to it from a legal perspective? If you terminate the agreement, can you retrieve your data?
What continuity plans are in place for recovering data? Typical questions should include can and how long will it take to recover? What priority will my organisation have in the queue?
What level of service resilience is provided within the service? At some point providers will have to repair their systems. If this occurs out of office hours in other time zones, this could impact on your 9 to 5 operations in NZ.
Does the service provider have a help desk function? Is its service coverage and hours sufficient? What are the service levels for answering calls? Is the help desk overseas raising possible language issues?
Does the service provider require third-party providers? What risk does this pose to the quality, security and continuity of services provided?
If you have concerns over the use of cloud technologies in your local Findex adviser.