Cloud Computing: Chances and Risks for modern Enterprises.

This topic lies between at least two areas: enterprise cloud computing itself and risk
management. I would like to focus more on potential risks that organizations may have during
cloud computing adoption. And then in my further research I would like to assess and prioritize
these risks.

We are starting with a definition of Cloud Computing.

Modern organizations are supported by an highly increasing number of IT applications and IT

infrastructure. It has become very costly and time-consuming for companies to maintain. In
recent years cloud computing came as a solution for BOTH problems.

So we define
Cloud computing is an advanced IT model to host and share both software and hardware
resources over the Internet. It allows organisations to use a pool of IT resources and applications
as services virtually through the web, without physically holding these computing resources
internally.

Characteristics
 Rapid elasticity. cloud computing may increase users' flexibility with re-provisioning,
adding, or expanding technological infrastructure resources.
 Usage-based billing options (This innovative cloud model also enables the on-demand
provision of computing resources on a pay-as-you-go basis.) This makes the use of IT
resources similar to the consumption of other daily utilities, such as water and gas
 Broad network access (enable users to access systems using a web browser regardless of
their location or what device they use)
 Maintenance of cloud computing applications is easier, because they do not need to be
installed on each user's computer and can be accessed from different places
 Multitenancy enables sharing of resources and costs across a large pool of users
 Real-time data. Productivity may be increased when multiple users can work on the same
data simultaneously, rather than waiting for it to be saved and emailed. Time may be
saved as information does not need to be re-entered when fields are matched, nor do
users need to install application software upgrades to their computer.

Cloud services can be divided into three main categories:

1. Software as a Service (SaaS)

2. Platform as a Service (PaaS)

3. Infrastructure as a Service (IaaS)

• Software as a Service (SaaS). In the SaaS model, software applications (e.g. organisational email
systems, office applications, sales/accounting systems, and even Enterprise Resource Planning or
ERP systems) are run on a vendor-managed and controlled infrastructure, and are made
available to clients through web browsers.
• Platform as a Service (PaaS). In the PaaS model, computing platforms are provided as a service
to deploy and run user applications. It offers a programmable environment and middleware to
support IT application development and deployment in user companies.

• Infrastructure as a Service (IaaS). In the IaaS model, hardware and IT infrastructure resources
(e.g. CPUs, hard discs, databases, and servers) are provided as a service to companies through
the virtualised cloud environment.

Despite all these attractive features, the adoption of cloud computing is associated with a wide
range of potential risks and challenges.

A risk can be defined as “the occurrence of an event, which is associated with the adoption and
use of cloud computing, and can have undesirable consequences or impacts on user
companies”.

Companies should strategically decide whether cloud computing is the right tool for them and to
be prepared to possible problems.

Possible risks can be divided into 4 categories:

 Organisational risks. Cloud adoption can lead to significant impacts on diverse

organisational aspects, such as IT governance, compliance to industrial regulations, in-
house IT experts, and IT planning.
 Operational risks (data and apps movability, financial issues, service reliability etc). The
adoption of cloud computing significantly changes the internal IT and business operations
in user companies.
 Technical risks (data quality and maintainance, system performance, data security etc)
 Legal risks (related to data privacy, intellectual property, contracts etc)
Top 10 critical Risk Events for Enterprise Cloud Computing (from 39)

 Privacy of enterprise or customer data is jeopardised in the cloud

 Inconsistent data protection laws adopted by different countries where cloud data are
generated and stored
 Difficult for user companies to change cloud vendors even in the case of service
dissatisfaction (also known as vendor lock-in)
 User companies lack disaster recovery and contingency plans to deal with unexpected
technical issues in cloud environment
 Enterprise data re-migration difficulties at the end of the cloud contract
 Inadequate user training/knowledge on cloud services and usage
 Cloud applications become temporarily unavailable or out-of-service
 Increasing hidden costs due to non-transparent operating models in the cloud
 Denial-of-Service (DoS) attacks in the cloud environment
 Unauthorised access to enterprise data/applications in the cloud