Professional Documents
Culture Documents
11v5 IT Governance and The Cloud Principles and Practice For Governing Adoption of Cloud Computing
11v5 IT Governance and The Cloud Principles and Practice For Governing Adoption of Cloud Computing
cost more, but it is still potentially cheaper than traditional – Regular backups of critical cloud-based assets held with
IT systems. Private clouds can be provided to businesses facilities independent of the provider
in generally two ways: either by having the business’s – Regular rehearsals, possibly by running services in-house
systems firewalled off from everyone else’s, or by having the or with an independent vendor for a period (potentially
business’s systems virtually separated from others using an even with another cloud provider)
authenticated and encrypted environment within a public
Revert strategies cost time and money, but they are
cloud (known as a virtual private cloud).
important to mitigating the risk of a cloud provider failing.
• Preparing to revert—Preparing to revert might be one of
Additionally, they put cloud customers in a much stronger
the last things on the minds of business managers when
position when renegotiating a cloud service contract
engaging cloud services, but it is often one of the most
because cloud customers know that they could readily
important things to think about. The Satyam collapse1 a few
switch from the provider if needed.
years ago illustrates how a service provider may outwardly
• When in public, keep valuables under lock and key and
seem fine, but can unpredictably be brought down by
stay alert—The need to protect sensitive data or intellectual
unforeseen circumstances. Such situations are hard to
property is particularly important when using a public cloud
predict, let alone prevent, and when relying on obscured
service. Typically, the best way to protect these assets is to
cloud services, the uncertainty and risks can seem even
use encryption technologies. In recent years, encryption has
greater. Businesses need to prepare themselves for what to
become more readily available, inexpensive and easier to
do if and when a cloud provider fails. That is, they need a
setup, but it is complex, and there are many aspects to
revert strategy to ensure that they can readily switch to an
consider. Here are a couple key points to be aware of:
alternate IT service model at any time. This includes:
– Protecting data at rest and in transmission in the cloud can
– Maintaining knowledge of all critical information and
be readily achieved using encryption, but protecting data
processing assets held in the cloud
during processing in the cloud is problematic. Essentially,
– Maintaining sufficient skills (in-house or with a vendor
this is because when data are decrypted for processing,
independent of the provider) to be able to repatriate and
they are at risk, even if for a nanosecond. Basically, most
reestablish systems and services