Risk Management

Resolve security control issues on a PaaS with this risk management framework

Grazed from TechRepublic. Author: Judith Myerson.

Risk management provides a framework to help you select security controls to protect an information system anywhere in the development life cycle on a Platform as a Service (PaaS) -- it doesn't matter whether it's an engineering, procurement, or personnel system.

The security controls are implemented after the risks are identified, assessed, and reduced to a low level. The implementation criteria include cost effectiveness, technological efficiency, and regulation compliance. You must document the criteria in a security plan...

Managing Contractual Risk in Cloud Contracts (Part 1)

Grazed from CloudComputingAdmin. Author: Ricky M. & Monique L. Magalhaes.

In this two-part article we will look at contractual terms in cloud services contracts and issues for consideration, to reduce risk.

Due diligence procedures should not be overlooked when selecting a cloud provider. Cloud computing risks can be identified, managed and even reduced through thorough scrutiny of the services contracts to ensure the appropriate contract assurances and operations best practices are in place. Contracts for cloud services vary, from a ‘one-fit-all’ solution contract to a multi-layered services agreement...

How to manage contractual risks in cloud computing

Grazed from ZDNet. Author: Ryan Huang.

There will be practical and commercial risks when choosing a cloud service, but these can be mitigated through due diligence by focusing on the service contract. Firstly, according to Rob Bratby, managing partner at law firm Olswang Asia, the business must understand what it needs and what it will get from the cloud service. Depending on the complexity and value of the services, businesses may prepare their own service description or start with the vendor's version.

Ultimately the service description should comprehensively set out the business needs. "If it doesn't, it must be challenged and any inadequacies should be dealt with. If this isn't done, the risk is that the service contract for cloud services may prove to be lacking later down the line. The same goes for pricing, service levels and service credits, rights to exit, rights to change the services, security plans and standards, disaster recovery arrangements and governance arrangements," added Bratby...

The Unthinkable Risks of the Cloud

Grazed from CFO. Author: David Wood.

By mid-2013 -- meaning now -- cloud computing will be in use by about 80 percent of about 600 companies with at least 500 employees each, according to a 2012 TNS Infratest survey. The trend is undeniable: Data management and storage are moving offsite to cloud computing vendors on a vast scale.

Touting cloud computing as a way to eliminate the costs of buying and maintaining on-site information-technology assets, vendors offer it in the form of software as a service (SAAS), a distribution model in which software applications are delivered to clients over a web-based network...

The Top Five SaaS Risks and How to Mitigate Them

Grazed from Sys Con Media. Author: Denise Dubie.

You may have heard that cloud computing and Software-as-a-Service (SaaS) models can turn software technology into a pay-as-you-go utility that businesses can “plug in to” and use like electricity? Perhaps — however, software technology is far more varied, nuanced and diverse than electricity. You don’t win customers by having better electricity than your competition. Software, by contrast, absolutely is a competitive differentiator for any business today.

Companies in industries as varied as retail and finance use software at the very core of their value proposition to customers. It lets them deliver a variety of services to their customers, improve operational efficiencies, create new offerings and a lot more. That’s not to downplay the business flexibility that SaaS can bring. Being able to “switch on” software and infrastructure delivered as a service for a metered fee can be an attractive alternative to having to build and manage your own IT environments...

Why Risk In The Cloud Is Good For The Economy

Grazed from Forbes. Author: Jacqueline Vanacek.

So much has been written about “the risks” of cloud computing, but that risk leads to bigger rewards, especially for small business. And as the engine of job creation, small business will accelerate the economic recovery. SMBs can launch new operations in the cloud with little up-front capital. This levels the playing field against market leaders and allows for rapid growth.

Seventy-four percent of small-medium businesses expect to use cloud services next year. They are also mobilizing their workforce (see Infographic). This can increase remote worker productivity by seventy-two percent...

If you are using Cloud-based services, you should understand the risks, says expert

Grazed from EINPressWire. Author: PR Announcement.

IT Governance Ltd, the leading expert in information security training, consultancy, books and tools, has reported that the Cloud Computing Foundation training course in November is available at a special discounted price of £450 + VAT. This exceptional offer of the EXIN-accredited course will help cost-effectively train your whole IT team in the basics of Cloud Computing. Places can be immediately booked online at www.itgovernance.co.uk/products/3719.

Cloud Computing presents every organisation with the opportunity to increase the effectiveness of its information technology, while potentially significantly reducing costs. Alan Calder, CEO of IT Governance, says, "Understanding the additional risks and supplier relationship issues associated with Cloud-based services is essential for all IT professionals." ...

Nine Ways To Manage Risk in Your Cloud Contracts

Grazed from Forbes. Author: Jacqueline Vanacek.

When purchasing cloud computing services, here are nine practical considerations to manage your business and legal risks to ensure successful adoption of this emerging compute model. These recommendations were presented at the San Francisco-based CloudCon Expo by Riaz Karamali, legal expert and partner at Sheppard Mullin Richter & Hampton LLP.

Mr. Karamali first suggested that if click-through terms do not fully meet your needs, writing the initial cloud contract to “factor in your business realities, compliance requirements and expectations” is the best way to ensure that your unique needs are met. While cloud services vendors usually offer one-size-fits-all terms, be sure to negotiate all ways to mitigate your risk.

The following checklist of nine practical tips can help you do that...

How Cloud Can Facilitate Risk Management

Grazed from BankInfoSecurity. Author: Eric Chabrow.

Ron Ross, the NIST IT security and risk guru, sees cloud computing as a vehicle to help organizations implement an information risk management framework.

Ross, senior computer scientist and fellow at the National Institute of Standards and Technology, says in an interview that the costs of automated tools needed to implement the information risk management framework could be offset by savings realized by the use of cloud computing services.

The interview is part of an Information Security Media Group webinar by Ross entitled Risk Management Framework: Learn from NIST. An excerpt from that interview is presented here...

When Clouds Collide, You Get Lightning

Grazed from CFO. Author: Rob Livingstone.

As the cloud carnival slowly makes its way through town, organizations (fortunately) are becoming increasingly aware of many of the pitfalls associated with the adoption of non-trivial, enterprise cloud computing solutions. Oft-cited risks include data privacy, uptime reliability, security, total cost of ownership, vendor lock-in, and jurisdictional jeopardy (the potential violation of rules and regulations that apply when your data, especially customer data, crosses borders).

Well, there’s another risk.

Under cover of darkness, and most likely already thriving in your organization, are Shadow IT departments. These arise when users and department heads go it alone, provisioning and deploying IT systems (most often cloud services) that are sourced externally and funded from local discretionary budgets without the involvement of the IT department or even the knowledge of the CFO...