More organizations are moving to IT environments supported by multiple services in the cloud, typically by more than one vendor. This may include software-as-a-service (SaaS), platform-as-a-service (PaaS) offerings, or infrastructure as a service (IaaS) offerings.
Regardless of the types of cloud computing used, hosting vital data and applications outside the organization's own defensive perimeter presents considerable risk, especially when multiple locations, services or suppliers are involved. In addition to data being lost or stolen, companies may experience problems with data privacy rules (GDPR), not to mention the risk of cost explosions that result from inappropriate cloud computing management practices.
Know more: managed vs unmanaged switch
“The most frequent risks we see here involve the governance of cloud computing environments: Who is the supplier? What protocol? Limits for creation, use, size, etc., for [development] environments to optimize usage, "says Ola Chowning, partner of the American technology and research consultant ISG, adding that it is much easier to deal with governance issues like these in beginning and not with post-implementation.
A multicloud strategy "tends to bring greater complexity and disjointed management and automation tools," says Emal Ehsan, Director of Cervello Business Analytics Consulting, a unit of the global management consulting firm Kearney in the United States. This complexity can represent a risk of failure in operations.
In addition, IT services have historically been acquired from data centers owned and operated by the company, with IT providing oversight of the acquisition process. Cloud computing services like PaaS can now be easily purchased and implemented by business users without architectural or security analysis, says Smith of Intermountain. IT and business leaders need to mitigate this by controlling which services are enabled and available to users.
“One of the best practices is to ensure that, for all requested cloud services, [the services] undergo an appropriate architectural and security analysis on any iaa, PaaS or SaaS vendor platforms before they are approved for use in the company” says Smith. "Guidance and protection must be established before any public cloud computing vendor tools can be provided to the organization, including continuous monitoring of all usage."
IT, cybersecurity and legality must work together to stay ahead of all business users' efforts to purchase and consume new cloud computing services, says Smith.