Balancing Risk and Reward With Cloud Computing

Greg Grocholski is International President of ISACA and Chief Audit Executive of The Dow Chemical Company.

Cloud computing has caught on with companies of every size, but it's especially appealing to resource-strapped small businesses and start-ups. The attraction is obvious — it typically requires no capital expenditures and no team of in-house IT experts, and you pay for only what you consume. Cloud is here to stay, but there are several trends in 2013 that growing businesses should be aware of. The good news is they all can be navigated for companies that want to reap the benefits of business in the clouds this year.

Growing interest in private or hybrid cloud solutions prompted by security concerns

In a recent survey by ISACA, a nonprofit association of 100,000 IT professionals, fully two-thirds (66 percent) of small or midsize companies feel that the risk of cloud computing outweighs the benefit. Only 10 percent use the public cloud for mission-critical IT applications, vs. nearly triple that number who use private clouds for the applications they count on to run their business. That preference for private or hybrid clouds is expected to increase in 2013.

The convenience and cost efficiency of public clouds also bring big security risks.

Here are the four main ones:

• Unavailability through malicious overuse, or what is called a distributed denial-of-service (DDoS) attack
• Loss of data due to deliberate destruction
• Theft of the data
• Data disclosure to unauthorized staff, organizations or the public. This includes the undesirable yet legal access to a company's data from outside the country due to different regulations across international borders.

A public cloud is like a shared office building — it's a multi-tenant environment where different companies share a pool of resources, in this case one that includes storage, hardware and network components. All tenants are at risk when one tenant is hit with a DDoS attack or when one tenant's data are not 100 percent "scrubbed" from a storage device before that device is reused for another tenant. Tips and resources to help guide the public vs. private vs. hybrid decision are presented below.

Rise of personal clouds

Another rising cloud trend for 2013 is the so-called "personal cloud." Personal clouds are a way of storing files that consumers can access from anywhere via the Internet. If you've used Dropbox, Apple iCloud, or Google Docs, for example, you've used a personal cloud. And you wouldn't be alone: a leading analyst firm recently predicted that the personal cloud will replace the personal computer at the center of users' digital lives by 2014.

Personal clouds are not just personal, however. They are something that businesses need to account for. The rise of personal clouds means that the next time one of your employees needs to work from home (or at a coffee shop), your company's most sensitive information — a customer list or new product blueprint or patient healthcare records — could end up on a server somewhere that is outside your control.

Your employees may not think to get clearance from your IT department first. In a 2012 ISACA survey of consumers, more than one in 10 employees (11 percent) say they have used a cloud service like Dropbox or Google Docs for work documents without their company's knowledge. Most would agree that offering the flexibility to work outside the office creates a more productive and satisfied workforce, but that capability should be balanced with keeping your data secure in the increasingly cloudy landscape in 2013.

Increased focus on ROI

Cloud computing can help reduce costs and increase revenues in many situations, but it is not a silver bullet. Businesses should build a business case for what — and how — to move to the cloud, especially in the current economic climate. Small businesses are likely to be especially cautious heading into 2013. According to the January 2013 Small Business Optimism Index from the National Federation for Independent Business, plans to make capital outlays stayed at recession levels, and 70 percent of business owners characterize the current period as a bad time to expand. This uncertainty is likely to drive closer scrutiny of all expenditures, including cloud solutions, for expected return on investments in 2013.

5 Tips for Managing the Cloud in 2013

• Balancing the potential risks with range of real benefits that can be derived from using cloud-based solutions is the key to being ready in 2013. The following tips can help you protect your data and evaluate potential ROI.
• Identify and classify all information assets (data, applications and processes) considered in the scope.
• Set specific business goals that should be met by the cloud services.
• Request a disaster recovery plan from your cloud provider that ensures your business will continue to operate in case of disruptions, and keep an in-house contingency plan in case the DRP fails.
• ROI is a good start, but ensure that other financial indicators are calculated as well (a list of indicators to consider is available in "Calculating Cloud ROI," a free white paper from ISACA.
• Remember that it's far easier and less costly to change a decision when it is still on the drawing board.

Cloud computing is a great solution for small and medium enterprises. Make 2013 the year you cut through the hype, determine the real business value it can bring to your enterprise, and make a well-informed, risk-based decision on how to proceed.

The views expressed are those of the author and do not necessarily reflect the views of BusinessNewsDaily.