Risk is everywhere and in everything. Those who do not recognize the risk and prepare for it are doomed to go under. The cloud is no exception. The cloud computing industry has both systemic and operational risks associated with it. Therefore, there is a growing need to evaluate risk and examine the potentiality of it.
Consumers entrusting mission-critical data to third party vendors in the cloud seem to be convinced that they are transferring accountability for data loss and financial liability to the cloud vendor along with the data. The cloud vendors are not in the business of risk and do not expect to do any kind of risk valuation or risk hedging or risk transfer on their own. They point out that data security remains the responsibility of the data owner and all financial liability for data loss or data corruption wholly vests with the service consumer.
So, who is really responsible? Risk denial will have to run its course as the inevitable economics of risk takes over and creates a problematic situation that slows down business growth.
Cloud users must realize that risk transference is a myth. It never gets transferred from the user to the service provider. After all, the data belongs to the consumer. The consequences of data loss must revert to the enterprise using the services of the vendor who is committed only to the extent specified in the Service Level Agreement (SLA). The cost of using technology includes cost of failing with technology. There is a persistent need for valuing, allocating and accounting for risk complexities in the cloud.
A rise in global cyber threat is becoming a major security challenge for cloud models and most industries riding the cloud are facing a number of security challenges. Issues like multi-tenancy; business critical dependence on cloud infrastructures and regulatory mandates such as HIPAA, HiTech or SOX, demand that enterprises develop effective financial protection strategies to mitigate technology and data liabilities.
To sum up, cloud consumers must realize that risk mitigation remains their responsibility even when they ride the cloud. Further, they share the risk profile of their cloud vendor and the cost to fail and the business risk never gets transferred to the vendor. Traditional risk models may not fit comfortably around the new cloud risk scenarios. New and effective strategies will have to be evolved.