While proving popular and chock-full of benefits, the cloud, and working in it, comes with risks. You don’t control the platform, and your company’s critical data (about employees, finances, customers, and so on) is being stored outside your premises with a third party. Even though someone else is managing your data, you are still responsible for what happens to it.
Here are a few risks to consider so you won’t be surprised:
Data location. Where is your data being hosted? Data protection and privacy regulations in many countries specify where certain employee data can be physically located. Also, different countries provide different legal protections, so if your provider moves its data center to another country, there could be serious consequences for you.
Data ownership and migration. What happens to your data if you switch vendors or if a vendor goes out of business? Will it disappear? Will it be deleted securely? Will it financially cost to transfer your data from the vendor at the end of the contract?
Security. What controls are in place for transmitting data to your cloud provider and storing data securely? Is customer access secure? How are security breaches handled and how soon are customers notified? (Ask for a SOC 2 report to help assess data protection and security.)
Reliability. Industry standard uptime is greater than 99 percent. Does your provider meet that? How often is maintenance performed? How are customers notified of scheduled downtime? What is the disaster recovery plan? Are full backups taken at least daily? Are there redundant sites and systems?
Integration. Evaluate how well the application integrates with existing applications (both in the cloud and at your location).
If you’re moving to the cloud, be smart—weigh costs and benefits, and evaluate options carefully. If you have an enterprise
Know what your risks are and address them up front; if something goes wrong, you may be looking at business disruptions, damage to your reputation, lost customers and more. You don’t want to be surprised.
Learn more about ERM programs from my recent report, ERM: Not Just for the Big Guys.