Do the Risks of Cloud Computing Outweigh Benefits?

by Emily Holbrook on April 7, 2010 · 1 comment

cloud computing

The idea of cloud computing, or internet-based computing, has become very popular over the past few years with its innovative cost benefits and efficiency. And as more organizations look to switch from company-owned hardware to per-use service-based models, the benefits of cloud computing have been touted over and over again. But what about the risks?

Well, according to The Information Systems Audit and Control Association (ISACA), many feel the risks of such computing outweigh the benefits. In fact, 45% of those surveyed in ISACA’s first annual IT Risk/Reward Barometer survey feel that way. In addition:

The IT Risk/Reward Barometer found that only 10% of respondents’ organizations plan to use cloud computing for mission-critical IT services and one in four (26%) do not plan to use it for any IT services.

Consistent with this attitude is the appetite for overall IT-related risk in 2010. In the face of continued economic uncertainty and despite the potential to drive greater rewards, more than three-quarters of those surveyed believe that projects should offer the same or lower level of risk in 2010. Similarly, 79% will invest the same amount or only slightly more in risk management and compliance in 2010.

“The cloud represents a major change in how computing resources will be utilized, so it’s not surprising that IT professionals have concerns about risk vs. reward trade-offs,” says Robert Stroud, international vice president of ISACA and vice president of IT service management and governance for the service management business unit at CA Inc. “But risk and value are two sides of the same coin. If cloud computing is treated as a major governance initiative involving a broad set of stakeholders, it has the potential to yield benefits that can equal or outweigh the risks.”

The survey also revealed organizations’ attitudes and behaviors related to IT risk management. According to the IT professionals questioned, only 22% of organizations are very effective at integrating IT risk management with their overall business risk management. And, as usual, every organization employs people who further contribute to the company’s IT risks. The Barometer found that the top three high-risk ways in which employees contribute to risky business are:

  • Not protecting confidential work data appropriately (50%)
  • Not fully understanding IT policies (33%)
  • Using non-approved software or online services for their work (32%)

“Many employees are working around controls and using non-approved devices and programs so they have the tools they need to do their jobs,” said John Pironti, member of ISACA’s Certification Committee and president of IP Architects LLC. “Instead of prohibiting certain technologies, organizations should try to learn why their employees feel they need these technologies and train employees to use them safely.”

As with anything, proper training is essential to reducing inherent risks. As the popularity of cloud computing grows, organizations will be forced to step up their employee training while more responsiblity will be placed on IT professionals. Is it all worth it? Is cloud computing worth the risk?

Picture 8

Consistent with this attitude is the appetite for overall IT-related risk in 2010. In the face of continued economic uncertainty and despite the potential to drive greater rewards, more than three-quarters of those surveyed believe that projects should offer the same or lower level of risk in 2010. Similarly, 79 percent will invest the same amount or only slightly more in risk management and compliance in 2010.

Similar Posts:

Emily Holbrook is the executive managing editor for National Underwriter Life & Health and the former editor of the Risk Management Monitor and Risk Management magazine. You can read more of her writings at EmilyHolbrook.com.

{ 1 comment… read it below or add one }

we are cloud August 20, 2010 at 5:04 am

Thanks for this post. The compelling business case for the cloud is realized by many IT professionals, but determining the return on investment of a technology such as cloud computing can prove to be difficult. Have you encountered the ITX (IT Cloud Transformation) ROI Calculator? It’s a free online service which will enable you to quickly estimate how much you stand to save in the cloud, versus on-premise. The program takes into account software applications, servers, data centers and back office functions and determines which would be cheaper with Web-based software applications and how long it would take to achieve ROI. For more info see this blog post http://bit.ly/bFsy7X

Leave a Comment