Cloud Computing: Business risk management

Abstract

Cloud computing is considered to be a disruptive concept that is going to change the way businesses use information technology. There are many organizations that are uncomfortable about migrating to a cloud environment due to many anticipated risks. This project unravels the business risks involved with cloud computing in terms of security, availability of services, location of data, data integrity, migration issues, and regulation compliance issues. The study covers various potential security issues and measures when various services such as Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS) are provided by cloud vendors. The project intends to understand the issues related to cloud computing with respect to both existing and potential cloud users. This primarily focuses on risk identification, analysis, evaluation, and mitigation plans. We started the study with secondary research. As part of secondary research, major publications/MIS /Academic journals were referenced from various sources. This gave us a fair understanding of cloud computing, essential features, benefits and issues. Many ideas were extracted from them. We started the primary research through Microsoft Office 365 survey. This survey was done to get the initial idea about the awareness of people in industry and what their acceptability levels are with respect to this cloud service. This survey was floated to Small & Medium Enterprises (SMEs). We initiated another cloud computing survey to assess the business risk in a cloud computing space as perceived by cloud users. We also executed the primary research which involved conducting extensive focus interviews of senior IT managers, CIO, CEO, and CISO of various organizations that are either into cloud usages, or are evaluating the decision or are cloud service providers. Interviews were also taken for an SME and also in the Government sector to understand the scope of cloud usage in e-governance initiatives. Based on the secondary and primary research, risk mitigation plans for cloud users and cloud service providers were identified. These are followed by the recommendations for the cloud users, regulators and service providers. Through these recommendations enterprises can follow the steps to make sure that cloud providers meet the service levels and regulatory compliance of the organization. We understand that cloud computing is definitely expected to bring radical changes in future. The current requirement to make the cloud computing a successful phenomenon can be achieved by maintaining accountability and security of data. Organizations should employ suitable risk and security management practices and quality controls over their cloud computing spaces. Well-built management practices are essential for operating and maintaining a protected cloud computing solution. There should also be sharing of best practices for technical and operational usage in industry. This would surely enhance the growth of cloud services and its usage in the industry.