The traditional roles of outsourcing and the extended enterprise are stretched by the increased popularity of cloud computing. Clouds and other utility computing environments challenge our traditional approaches as the control and custody of personal information is further ceded.
…not all processes and information should be ushered to the new frontier of technology, and making the decision on what and when to convert to new solutions is a step organizations must carefully contemplate.
While organizations may have chosen in the past to avoid cloud technologies and the possible privacy and security challenges they bring about, in this economic climate, the cost reduction benefits that such solutions offer have brought many organizations to reassess whether these transformational technologies are right for them.
Cloud service delivery models and deployment
There are three common cloud service delivery models:
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
- Software as a service (SaaS)
There are four common cloud service deployment and consumption modalities: private, public, managed and hybrid. It is the combination of the service delivery model with the service deployment model that sets the basic cloud computing risk profile.
Organizations must first address some key considerations before engaging with cloud providers.
Cloud computing adds a new type of outsourcing arrangement for the organization that may not fit neatly with the current approach for procurement and vendor management. The ability to keep such arrangements within the current set of data protection expectations is key and should not be diminished.
Making sure that the organization’s key stakeholders are comfortable with the risk-benefit ratio (e.g., cost reduction through outsourcing staff, software and storage of information) is critical for the effective long-term adoption of such approach as well.
Of course, not all processes and information should be ushered to the new frontier of technology, and making the decision on what and when to convert to new solutions is a step organizations must carefully contemplate, especially where limitations exist over the supervision and assurances provided by the service provider.
Ask yourself
As you move your information to the clouds, have you:
- Inventoried your processes and systems and assessed which may be better candidates to be moved to the cloud based on their privacy risk exposure?
- Considered the implications of the trans-border transfers of your information in the cloud?
- Identified what privacy and security considerations your organization will be comfortable with before moving personal information to the cloud?
Related content: Outpacing change: Ernst & Young’s 12th annual global information security survey
