The Protect IU Blog
COSO: ERM framework and Cloud Risks
Cloud computing is a booming industry in both the for-profit and non-profit sectors. Clouds have many benefits, including: reduced costs, scalability, remote access, and customization. But as the trend continues to grow, decision-makers need to remain cautious and conduct a thorough business analysis to identify all risks involved. “When you engage a third-party cloud service operator, you ultimately are going to be expanding or changing your risk universe,” says Warren Chan, co-author of the paper and a principal at Crowe Horwath. “Some don't realize that once you bring in a third party to support your data, you bring on other dependencies.”
According to Chan, organizations often fail to cogitate the downstream effects of cloud services, especially when you move your entire architecture to a shared environment. Risks for cyber-attack, outages, and other complications can arise with minimized abilities to mitigate. “If you run a standalone data center and you don't have a tremendous risk of notoriety in cyberspace, the likelihood of attack is low,” he says. “But if you outsource to an Amazon or a Google, the probability of a cloud service architecture being hacked is much higher.” In addition, the threat of a major spike in internet traffic and its effects on the performance of their own systems shared in cloud architecture is often overlooked.
To read the full article, please click the link below:
For more information, visit our page about Cloud Computing.
Ryan Chizum is a Risk Management Analyst for IU's Public Safety and Institutional Assurance.