Organisations’ decisions about adopting cloud computing, with its broad promise of financial benefits, need to be made with a full view of the risks involved, Marsh said today in launching the Cloud Risk Framework, the first methodology of its kind.
The Cloud Risk Framework details a five-stage process that enables organisations to evaluate the risks and the potential financial impact of any change in risk profile involved in a shift to ‘the cloud’. Fully adaptable to individual organisations, the Cloud Risk Framework creates a starting point for the debate concerning the adoption of cloud technology.
The Cloud Risk Framework is the result of a year-long collaboration by the Cloud Risk Forum, a Marsh-led group of international legal, insurance, risk, and technology experts.
Fredrik Motzfeldt, Leader of Marsh’s Communications, Media and Technology Practice in Europe, the Middle East and Africa (EMEA), said: “Moving information technology (IT) services to the cloud presents a conundrum to many businesses. Although it promises greater financial efficiency and productivity, the cloud brings an increased dependence upon technology infrastructures housed outside an organisation’s immediate control.
“The Cloud Risk Framework provides for the first time a simplified output regarding risk costs to help businesses navigate the complex issues surrounding cloud use decisions, including security challenges and regulation. With this objective analysis, they can then avoid some of the more subjective and emotional factors that might otherwise affect their judgment.”
The Cloud Risk Framework’s five-stage process includes:
Identifying key categories of risk for IT services clients;
Categorising potential types of loss and costs typically linked to IT service failure;
Quantifying areas of financial impact;
Allocating the cost of a risk event between the customer and cloud provider;
Determining the likelihood of a risk event occurring.
“The ability to adopt cloud computing models that reduce complexity should bring competitive advantages. A structured and simplified approach to assessing the risks of moving to the cloud, as evidenced by the Cloud Risk Framework, is a vital first step to achieving this goal,” added Mr Motzfeldt.