Cloud computing holds the promise of on-demand IT services, available at greatly reduced cost and with unprecedented efficiency and flexibility. The business drivers for cloud computing – low cost, flexibility and almost immediate accessibility – are compelling, and help explain why the adoption of cloud computing services is growing rapidly. Research conducted by the Cloud Industry Forum suggests that 48% of companies in the UK and Europe currently use a cloud-based service.
However, whilst cloud computing services offer massive potential for businesses, security standards and associated technologies are lagging behind the uptake of services, according to business continuity specialists ISM.
Steve Durbin, Global Vice President at the Information Security Forum states, “organisations need to pause and consider whether they are sufficiently protected, and not exposing themselves unnecessarily to threats to their information security, integrity, availability and confidentiality”.
From a business viewpoint, cloud computing services are transformational technologies that have the ability to provide easy and cheap access to IT services on demand. However, from an IT and information security perspective, they could equally be viewed as a disruptive technology with the potential to create a significant impact on already overstretched security resources in many organisations.
In many cases, there is little or no difference between cloud services and those provided under an outsourcing agreement with a third-party supplier. It is therefore important to apply the same processes and procedures to cloud providers that are applied to other third-party suppliers.
Organisations cannot afford to ignore the information security implications of cloud computing services – they need to adopt a practical business-led approach to dealing with cloud providers without delay, focusing on knowing where the information resides, who has or needs access to it and how it could be compromised.
Working with Griffiths & Armour, organisations can manage the right risks and drive value by:
- Understanding security – both now and in the future; knowing where you are and where you want to be guides strategy.
- Ensuring your insurance programme recognises and responds to the way you operate including any third party service providers.
- Having a risk-based information security strategy that aligns with business needs, enables compliance and maintains the integrity and confidentiality of critical information.
- Gaining an in-depth understanding of what constitutes the critical information of the organisation, where it resides, and who has or needs access to it.
- Devising a means to measure, monitor and report on the effectiveness of the security program and controls.
If you would like to discuss further, please contact us on:
Telephone: 0151 236 5656