There is a risk involved in pretty much everything we do in
life. For instance, there is a risk that we might miss the train in the morning
or a risk that we might trip over and fall while walking. Likewise, in cloud
computing there is a risk that our data might be hacked into if it is not
safely secured and protected. This is part of the reason why APRA recently released
an information paper titled Outsourcing Involving Shared Computer Services
(Including Cloud), which provides guidance to the finance industry on how to
best tackle security and risk concerns surrounding sensitive data such as
customer details.
APRA has highlighted the two most common types of risk, 'low risk' and
'heightened inherent risk'. Low risk services include shared facilities with
each entity's IT assets located on separate hardware and shared infrastructure
hosting data that is either "low criticality", desensitised or publicly
available. Heightened inherent risk, by contrast, includes exposure to
untrusted environments; the 'public cloud'; and arrangements where providers,
the shared computing service or the specific usage has an "unproven track record".
Financial service providers such as banks used to be quite
uncertain about transitioning to the cloud mainly due to security and risk
concerns. Here are some of the potential implications if a risk management
framework hasn’t been implemented effectively:
· The cloud vendor might have an outage which will most likely reflect on your organisation’s reputation and image
· Your data might be less safe when it is offshore, making it more prone to hacking and other security concerns
· A potential for theft and loss of customer data – this could be accidental or deliberate
· And many more!
Mind you, despite these risks, there are quite a lot of
benefits of transitioning to the cloud, as outlined by this article:
· Reduced IT costs: Without physical hardware or the need for expert staff, transitioning to the cloud is quite a bit cheaper in the long term
· Scalability: You have the freedom to scale up your IT systems or scale them down in accordance with demand
· Business continuity: It is another method of protecting your data and allows access in the event of a crisis, natural disaster or a power outage
· Collaboration efficiency: Allows your organisation to share and communicate more easily
· Flexibility of work practices: It allows your employees to access data even when they are not physically in the office
So, as a financial provider thinking about transitioning to
the cloud, here are a few things to consider, as outlined by this article:
· Privacy agreement and service level agreement: you need to understand the responsibilities of the vendor, as well as your own responsibilities
· Security and data protection: you will be required to implement tight security measures to ensure that your data is safe
· Location of data: you need to know where your data is stored and the laws around security and privacy in that country
· Legislation and regulation: you need to be aware of and understand the Australian legislative and regulatory requirements
There are things that we do to mitigate risk, for example
making sure to wake up early so that we don’t miss the train or making sure
that we aren’t running in heels. Likewise, I believe the recent release of
APRA’s guidelines is simply a way to ensure that customer data is safe and secure.
When Aranei was seven she truly believed she could one day
train turtles in the Galapagos. Unfortunately she came to the realization that
such a thing could never happen. A couple of years later, she decided to be a
conference producer and has never looked back. The best part of her role is
exploring different sectors and getting in-depth insights from thought leaders
and well-experienced specialists from varying sectors.