"The sky's the limit." This well-worn phrase first appeared in print just before World War I, signaling the technological progress that saw the Wright Brothers take to the air and allowed industrial production to transform business and daily life alike. These days, technological progress has us again looking to the sky - not as uncharted territory to be explored, but as the next stop for business outsourcing. Yes, we're talking about the cloud. But just as taking to the skies demanded rules be put in place to keep travelers safe, companies need to understand - and protect themselves from - the risks of moving critical business operations and data to the cloud.
Do the Benefits of the Cloud Outweigh the Risk?
In its Cloud Adoption & Risk Report 2016, cloud security company Skyhigh cites a study indicating that companies which leverage cloud services grow nearly 20 percent faster than their counterparts. The report notes, "Cloud computing is more than an advance in technology. It represents transformation for your entire organization - people, processes, and systems." In addition to fueling growth, implementing cloud solutions can help organizations lower IT costs, realize operating efficiencies and focus on innovation. But just a cloudy sky can signal bad weather on the horizon, cloud computing isn't all sunshine and rainbows. The ease and convenience of cloud-based file sharing and collaboration tools has increased the amount of sensitive data stored in the cloud.
Confidential financial records, business plans and source code
Personally-identifiable information like social security numbers, birth dates and tax ID numbers
Password-protected ZIP files that remain unscanned by security tools
Payment information including credit or debit card numbers or bank account numbers
Protected health information such as medical records, patient diagnoses and treatments
Emails and messages from other group communication tools
Skyhigh estimates that 18 percent of cloud data qualifies as sensitive, but low number belie the level of risk. Just consider the damage that leaked emails wreaked during the 2016 campaign season. Or how the theft of 500 million accounts nearly scuttled the sale of a former web-portal giant. For organizations in highly-regulated industries - like finance or healthcare - failing to protect sensitive data carries even more potential risk. Compliance requirements demand that organizations put robust internal controls and policies in place.
The Financial Industry Regulatory Authority (FINRA) mandates that investment companies meet disclosure and communication rules.
The Gramm-Leach-Bliley and Fair Credit Reporting Acts carry strict regulations for customer data privacy.
The Health Insurance Portability and Accountability Act (HIPAA) outlines requirements for ensuring the security of patient data.
The cloud certainly complicates risk mitigation. As PwC pointed out in 2011, "While businesses can outsource their systems, applications, and processes, they can't outsource their obligations - to investors, employees, customers, partners, and regulators - to manage risk."
Any organization that utilizes the cloud needs to maintain a robust governance policy that extends to third parties - and not just the ones it entrusts its cloud-based operations to. If your company relies on vendors, suppliers or other third parties - and they outsource to the cloud - your company could still feel the negative impact of a security lapse. A data breach at one major retailer, for example, led to more than $200 million in costs for the financial institutions impacted by stolen customer data, per the Consumer Bankers Association and the Credit Union National Association.
Compliance may be a top-of-mind issue in regulated industries, but your company's brand and reputation is on the line, regardless on industry. If you lack visibility into possible gaps in cloud providers' security measures, a data breach can lead to angry customers, fines and reputational damage. What's more, not spotting signs of financial instability, can put you at risk of operational disruption should a cloud provider shut down due to bankruptcy, tying up your critical data in the process.
Last year, CIO.com reported that 93 percent of businesses used cloud technology to some degree. And given the benefits that companies gain - fewer capital expenditures on IT infrastructure and faster, more collaborative communication among teams, for a start - the cloud will continue to be a powerful tool for today's global business landscape. As the cloud matures, so too will the processes that companies use to leverage it successfully. What can you do today? Make sure you have a robust process and the right tools for third-party screening, due diligence and ongoing monitoring to mitigate risk. Think of due diligence as your umbrella: It helps you stay alert to potential red flags - from signs indicating financial distress to the sudden exit of a key C-suite member like a chief technology officer - before you get hit with a storm of bad publicity, regulator scrutiny and financial losses.