When you begin the planning phases of a cloud implementation, it is critical that you begin the discussion with your business/mission users and leaders ensure that they are part of the process from project initiation.

There are unique risks that present themselves as part of a cloud implementation, and you must ensure that your business organizations are willing to accept these risks. These risks include:

• Unauthorized access to organizational data:
  • Modern cloud service providers do an excellent job at operations and have developed an excellent arsenal of information security tools
  • However, there is a risk that a cloud service provider will be attacked either over the internet or through employee collusion because of the sheer volume of intellectual property they contain
• CSP information security risks:
  • There is an inherent trust that you place in the cloud provider when you entrust them with your organizational assets
  • Any information security risk that the cloud service provider has immediately becomes your information security risk as soon as you transition operations to the vendor
• Organizational legal and compliance risks:
  • Does your organization have any specific legal and compliance requirements that make it difficult or impossible for you to use the cloud service provider?
  • Does the CSP provide you with the access and control necessary to ensure that you are meeting your organizational obligations?
• CSP management risks:
  • Your organization has no control over whether the cloud service provider pays their bills or ensures that the equipment hosting your environment is well maintained and in good working order.
  • How does the cloud service provider communicate changes such as upgrades and feature updates?
• Cloud service availability
  • Your organization will no longer be able to plan for your information systems availability.
  • This will be fully managed by your cloud service provider. Is this acceptable to your business leaders?