Risk and Governance Considerations in Cloud Era

Mohammad Ali Shalan (Jordan Engineers Association, Jordan)
Cloud Computing (CC) has recently emerged as a compelling paradigm for managing and delivering computing services over the internet. It is rapidly changing the landscape of technology and ultimately turning the long-held promise of utility computing into a reality. Nevertheless, jumping into the cloud is never a trivial task. A special approach is required to discover and mitigate risks and to apply controls related to the move to the cloud. The main objective of this chapter is to specify some of the phenomena associated with the CC paradigm and the associated business transformation. It looks at the motivations, contracting, obstacles and the agile project rollout methodologies. It then provides an in-depth analysis of the allied risks and governance directions. CC governance becomes more crucial because the CC paradigm is still evolving. In this context, this chapter lays a few bricks toward a full Cloud Computing Risk and Governance Framework (CCRGF).
Cloud Computing (CC) is increasingly asserted as the technology with the potential to change the way the internet and information systems are utilized within Client Enterprises (CEs). Cloud has emerged as a growing trend of scalable, flexible and powerful computing. Consequently, it is capable of introducing a paradigm shift in how technology delivers value to the business. With significant global investments, Cloud Computing (CC) is showing the power to completely revolutionize the business mindset and to promote new business characteristics. On-demand services, shared computing resources, rapid provisioning and minimal-intervention activities are just a few of the trends to mention.

Cloud benefits do not come hassle free: several risks, security concerns, contracting and compliance issues surround the cloud models. Reduced availability of critical business processes, compromised confidentiality and reduced integrity are possible side effects of CC utilization. This is not surprising, since the concept of a secure surrounding perimeter has vanished as users and services become more mobile. Internal or external service providers are introduced as Middle Circle Contractors (MCCs) in the middle of the CC services. Further substantial effects arise from moving the company's key applications and certain corporate information to the cloud. A further challenge arises because the adoption of cloud computing applications might begin outside the Technology Organization (TO), resulting in many loosely controlled activities and associations.

This chapter aims to portray a picture of the risk and compliance issues related to CC and to emphasize governance as a mechanism to orchestrate such a heterogeneous environment. Governance can set the rules and responsibilities, lead the way to uphold the cloud phenomena and manage the associated risks in a reliable and trustworthy way. This chapter is devoted to inverting the question facing the Chief Information Officer (CIO) when approaching the board to ask for a Governance, Risk and Compliance (GRC) implementation. Usually the CIO will be asked “how much will it cost, and what are the benefits?”. Conversely, the right question in the cloud era should be “how much will it cost if we don’t have a GRC practice, and what are the consequences?”.

The chapter's insight puts risk and governance at the heart, while providing highly valuable experience to those looking for guidance to move their business infrastructure, processes and applications into the cloud. As a first step we aim to define cloud concepts and to separate the potentially significant business benefits and threats from the surrounding hype and hyperbole. This will increase navigation clarity through the fear, uncertainty and doubt. The natural questions about CE readiness for CC adoption are answered in a structured and systematic approach. One lesson learned from governance is that realizing value from new services requires a mature organization that can recognize the associated benefits, set controls and own the relevant tools to measure them. Because cloud services are not yet mature, the technology controls that exist today may be stretched or distressed if applied to the cloud and may be unable to cope with the demands placed on them. This chapter argues that new methodologies and mechanisms to control the various cloud aspects need to be redesigned considering the associated risks and trends.

This chapter provides evidence-based insights into the CC benefits and challenges. The associated trends of elasticity, business transformation and value proposition are also discussed. The length and design of this chapter preclude extensive treatment of each area; consequently it appeals to both academics and practitioners. It highlights some key concepts and best practices to help smooth the CC transition, the subsequent operation and the continuous enhancements. The main objective of this chapter is to highlight the risk and governance transformations in the cloud era and to provide real-world projections and effects. Notably, this chapter aims to help CEs roll out CC projects, manage the associated contracts smoothly and effectively follow the constructive trends, including the agile methodologies.