Managing Risk in the Cloud - Ace Group White Paper
Cloud computing is a landscape-altering technology that is enjoying increasing rates of adoption — often implemented, however, without taking sufficient risk management precautions.
Risk managers need to have a deep understanding of what cloud computing is, and why they need to be aware of it. While there are numerous advantages to adopting the cloud, there are also abundant risks, and having a comprehensive risk management plan in place is critical.
What Is Cloud Computing, and Why Should Risk Managers Care?
Cloud computing has become, among other things, a buzzword nearly everyone has heard, but very few truly understand. And still fewer observers of this technology grasp all its implications for the future — largely because those effects are not yet completely clear.
This, in turn, might be because cloud computing is closer to the infancy of its development: so many of its benefits and risks have still to be fully realized or understood. What is clear, however, is that the cloud is poised to do nothing less than redefine and take over the Information Technology (IT) landscape and, with it, the way companies around the world do business.
But what exactly is cloud computing, and how does it impact the work of risk managers?
Rather than jump into overly technical definitions of the cloud, we’ll begin with a broader description of its potential for transformational impact, particularly as a new utility.
Cloud computing has the potential to not only become the defining technology of the twenty-first century, but also the defining utility, just as electricity was for the twentieth.
As Nicholas Carr, author of The Big Switch: Rewiring the World from Edison to Google, observes, “What happened to the generation of power a century ago is now happening to the processing of information. Private computer systems, built and operated by individual companies, are being supplanted by services provided over a common grid — the Internet — by centralized data- processing plants. Computing is turning into a utility, and once again the economic equations that determine the way we work and live are being rewritten.”
It is important for risk managers to recognize that, in the not-too- distant future, a majority of companies, both large and small, will utilize the cloud for some aspect of their business. In fact, according to ACE policyholder data, 59 percent of ACE’s Professional Risk policyholders are already utilizing the cloud in some way.
As we’ve mentioned, the cloud has many differing definitions. In fact, there is a multitude of terminology both surrounding and describing variations of the cloud.1 But, as our focus here is on risk management, we’ll concentrate on key definitions that will help risk management professionals get a handle on its benefits and potential risks.
Cloud computing refers to a menu of hosting services usually provided over the Internet on a usage or metered basis, while at the same time leveraging infrastructure shared by multiple customers. Put more simply, cloud computing involves the sale of computer software and hardware “as a service,” which means that an organization no longer needs to purchase either; it can instead rent them via the cloud.
Meanwhile, the cloud itself is operated and maintained by cloud service providers (cloud providers) through networked “server farms,” which offer their subscribers unlimited availability and data storage, along with seamless access to software, applications provisioning, and automatic upgrades.
To take a closer look at what this actually means, we’ll refer back to our electric utility comparison. When we use any appliance that requires electricity, we know that the power will not only be there, it will be sufficient to run our appliance. What we don’t know is where, and from what source, the electricity comes from — whether it was from a nearby nuclear power plant, a hydroelectric facility, or a wind farm. Cloud technology is similar. We know it will be there and be sufficient, but we don’t know what kind of hardware our data is stored on, nor do we always know where it is stored. The cloud is basically a computing power plant, while cloud providers like Amazon, Microsoft, Rackspace, and Verizon Terremark are computing power companies.
Diving a little deeper, there are some basic definitions that risk managers need to know in order to manage the risks presented by the cloud.
To read the full report please click below: