At the start of this decade, many regional IT managers expressed concern whether their organizations would ever embrace Cloud as a platform or not. They mused that Cloud is perhaps suitable for very specific workloads, but they would never migrate these mission-critical workloads to an external platform. As we move into the next decade, much of the regional mindset has changed to embrace Cloud as a business-enabling platform, while keeping mission-critical workloads on a Private Cloud or even Hybrid Cloud platform.
The sheer cost and agility advantages of the Public Cloud platform is driving regional IT spending into this area at a double-digit growth rate. The requirements of in-country data regulations and compliance is attracting large Cloud providers to invest locally. And such players are increasingly investing inside the region and in countries like the UAE and Saudi Arabia, in a relatively steady but consistent manner. According to global research and consulting firm Gartner, the number of Managed Cloud Services Providers is predicted to triple by 2020.
So, all seems to be well established for rapid movement forward into the realm of widespread Cloud adoption and migration. But global risk and cybersecurity executives continue to remain concerned about relatively weak security controls and policies that exist across emerging Cloud-data platforms in general. According to Gartner’s latest Emerging Risks Report and Monitor, the majority of risk executives reported being most concerned about the probability and impact of potential data risks associated with Cloud Computing.
While adoption and migration of Cloud deliver immediate capex and opex benefits and brings agility into the organization, IT and cybersecurity managers must balance the speed of adoption with increasing levels of control and compliance into the Cloud. Institutional and country level audits like GDPR, punitive measures by the Board, and other corporate shareholder guidelines, do not allow any lack of rigor by IT and cybersecurity managers in this area.
For enterprises that are actively moving to the Cloud, there are two principal risk areas that need to be actively monitored going forward. The first area of risk is the migration of on-premises data to Cloud platforms and this could include sensitive, private and confidential information as well as historical transactional data about the organization, its suppliers as well as its customers.
IT and cybersecurity managers must ensure that the same level of compliance around security policies and employee sign-on that exist on-premises are maintained for Cloud platforms as well. They must know where the data is resident and who is responsible for the migration and movement of the data to Cloud platforms. Once resident on the Cloud, they must remain in control and responsible for who has access to data in the Cloud. The Cloud data access policies must remain mirrored to the on-premise policies and it is the IT and cybersecurity managers who are responsible for this in-cloud compliance.
The second area of risk is around the economic, financial and technical stability of the Cloud Hosting Provider and its ecosystem of suppliers. Rapid migration of data to the Cloud is driving the spawn of gold-rush Cloud Service Providers, either as direct or indirect players. IT and cybersecurity managers must be particularly concerned if their Cloud Services Providers change their Service Level Agreements or display any evidence of inability to provide their services.
The combination of the above two risks, namely unauthorized access to Cloud data and inability to provide Cloud services, due to lack of compliance by either the organization or the Cloud Service Provider, can have disastrous consequences for the organization. While such an extreme situation is yet to occur in the region, global advisory firms like Gartner are drawing attention to the possibility, as an emerging data risk in Cloud Computing.
As a corollary, end users are advised to engage with economically stable and well-entrenched Cloud Services Providers, while the gold-rush is ongoing.