Introduction
Risk fits clearly into the ‘eye of the beholder’ category across the average enterprise and so any conversation discussing Risk in the context of Cloud Computing should start with some definition of just what we mean by the words themselves: like Cloud, there are different definitions, perspectives and requirements which, if not managed, can contribute to disconnected plans within the business.
To further complicate matters, overlaps in areas including Compliance have the potential to introduce duplicated efforts or, worse yet, a lack of clarity that could result in critical steps being missed.
Not that separate views of risk are a bad thing… separate control, however, is another matter. Best Practices suggest that risk identification and management will be more effective when the overall process is handled concurrently at the operational and management levels.
Lessons learned have also demonstrated that consolidating these disparate, cross-organisational perspectives of Risk to a single Enterprise-wide view can provide a common context for each individual business unit. It can also provide a route to uniformly quantify those risks and identify any areas of overlap. Once collected and ‘valued’ in perspective and in comparison with risks across all business areas, each risk can then be prioritised and planned for, providing clear targets and positioning the move to the cloud to succeed.
This Document
On par with business-wide transformations like Enterprise Architecture or end-to-end IT and Business Process outsourcing, Cloud Computing presents opportunities for efficiencies, economies and growth: identifying a broad set of Risk outcomes arising from the many activities involved in making such a move will assist organisations to ‘roll with’ the unexpected and exploit those opportunities.
A starting point for collaboration, this discussion document will support traditional Enterprise Risk programmes – and the Operational teams who collectively deliver to them – in planning and making the move to the Cloud, by setting a common starting point and a simple view of what cloud and these other technologies are meant to be providing to the Business as a whole.
While the list of potential issues and pitfalls that might be encountered along the way may seem substantial as you consider the questions posed in this document, the list is not meant to discourage. Rather the opposite, in fact, since knowledge in advance and awareness of what might occur supports accurate planning and forecasting: a problem discovered or forecast is a problem that can be managed, worked around or in the very least, accounted for and anticipated. All of which means less risk.
Buzzwords Blurred
Alongside security and connectivity, Business Risk needs to be set squarely behind most of today’s hot technology buzzwords – including Cloud Computing, Social Media, Mobile Computing, Software Defined Networks, Big Data and a broad set of Services-as-a-Service – and it is important to note that, like most of these other current buzzwords, Risk has also become a catch-all term.
Starting with Cloud Computing, the reality is that most of these buzzwords wouldn’t really matter if it weren’t for the networking, storage and computing capability delivered by Cloud – but the flipside is also true. Without, for example, the intelligence to be derived from Big Data, or the agility and future-proofing of an SDN or even the savings and efficiencies promised by SaaS solutions, Cloud Computing would really be just another “capability without a cause.”
The combination of these capabilities continues to drive changes in attitudes and behaviours which, well-planned and executed, can deliver a serious return on investment. Further, this is a foundation to enable innovation – and adds to the breadth and the nature of Business Risk along the way.