I hear a lot about the many virtues of moving to the cloud. There are a lot of reasons this makes sense—among other things, the cloud can provide greater efficiencies, reduce costs, enhance productivity, remove geographic barriers and improve disaster recovery. And with so many cloud-based applications available and more hitting the market constantly, it definitely is the way of the future (if not the present).
But the articles I’ve read tend to focus on the benefits, and working in the cloud is not without risks. You don’t control the platform, and your company’s critical data (about employees, finances, customers, etc.) is being stored outside your premises with a third party. Even though someone else is managing your data, you are still responsible for what happens to it. Here are a few risks to consider:
Data location. Where is your data being hosted? Data protection and privacy regulations in many countries specify where certain employee data can be physically located. Also, different countries provide different legal protections, so if your provider moves its data center to another country there could be serious consequences for you.
Data ownership and migration. What happens to your data if you switch vendors or if a vendor goes out of business? Will it disappear? Will it be deleted securely? Will it cost to transfer your data from the vendor at the end of the contract?
Security. What controls are in place for transmitting data to your cloud provider and storing data securely? Is customer access secure? How are security breaches handled, and how soon are customers notified? (Ask for a SOC2 report to help assess data protection and security.)
Reliability. Industry standard uptime is greater than 99 percent. Does your provider meet that? How often is maintenance performed? How are customers notified of scheduled down time? What is the disaster recovery plan? Are full backups taken at least daily? Are there redundant sites and systems?
Integration. Evaluate how well the application integrates with existing applications (both in the cloud and at your location).
If you’re moving to the cloud, be smart—weigh costs and benefits, and evaluate options carefully. If you have an enterprise risk management (ERM) program in place, make sure the cloud is part of your strategy. Know what your risks are and address them up front; if something goes wrong you may be looking at business disruptions, damage to your reputation, lost customers and more. You don’t want to be surprised.
Don’t have an ERM program? Learn more about ERM for midsize companies in our latest report, ERM: Not Just for the Big Guys.