Make those minutes count

More Than a Handful: Seven Prime Risks of the Cloud

It’s never wise to jump into something new without learning about the risks involved. Cloud computing offers a wealth of potential for both empowering businesses and cutting costs, but as a new technology, it’s important for IT leaders to thoroughly understand the cloud’s inherent and specific risks in order to prepare companies for successful deployment.

Assessing the Risks

Risk assessment of any cloud solution should look at the many different varieties of services in the cloud, the differences in providers, and the needs of the given industry.

Specifically, decision-makers should consider these specific risk areas:


Cloud implementation must be carefully planned before deployment. If it’s not, there could be frustrating or devastating problems if existing systems cannot function and communicate with cloud services. Without ensuring full compatibility, businesses could face unforeseen costs for reverting to other systems, fixing the compatibility issues, and losing time that could be spent elsewhere.


Any compliance issues in an organization’s industry or location must be addressed when deploying cloud services. This especially poses an issue when using cloud services located in another country or for organizations with very specific and strict compliance requirements. There are cloud solutions to fit almost all compliance standards, but the issues should be addressed in the planning phase.


Virtual environments create security vulnerability risks for two main reasons: because more data is being transmitted across networks and platforms, and because organizations are housing data in a new physical location. A complete security assessment should precede cloud deployment, and a rigorous security management program should be in place over time. Communication between the company and the service provider is vital to monitoring ongoing security risk.

Reliable Performance

Some downtime will occur with any service, but the right cloud provider for a given organization will work to develop guidelines and service schedules that do not interfere with regular business. Service should be reliable and supported to mitigate any issue and provide near-perfect uptime.


If your cloud provider changes its service offerings significantly or if it goes bankrupt, will your business be able to move forward? Risk management for cloud services should stress the importance of portability, wherever possible, or a plan for easing the burden of your next big switch. Better yet, the cloud provider should appear positioned to provide service indefinitely.

Vetting Your Options

When you use a relatively new technology like cloud solutions, it can be difficult to assess whether you’re getting your money’s worth and whether your services are in line with what the market has to offer. Until cloud technologies and the market have matured and become more standardized, you should expect to put in some effort to regularly gaze at other providers and options while remembering the work it would take to shift gears.

Growing to Scale

Cloud gives businesses the power to disrupt markets and create new revenue streams. Will your provider be able to grow with you? Cloud services are generally very scalable, but not all providers are equally prepared for the task. Think about your future needs when choosing a provider; you can reduce some risk by being optimistic and finding a provider with robust, diverse services.

CIO 101: Systems Are Never Fully Secure

One of the biggest mistakes that a CIO can make is to assume that their systems are fully protected from security threats. It is a costly assumption that many CIOs make at some point; however, rather than repeat mistakes, like any leader, CIOs are better off learning from them instead.

Learning from Mistakes

Just a couple of months ago in Cambridge, CIOs from around the country gathered to participate in the MIT Sloan CIO Summit. While there, they were asked to discuss a significant failure that they had made during the course of their careers.

One of the most notable responses came from Fidelity Enterprise CTO Stephen Neff.

Neff discussed his time at Salomon Brothers and the early days of his career. He related how the firm had a double backup system that it relied upon; this ensured that the backup had a backup. The firm believed that this was sufficient coverage to protect their data. After all, while one backup could be corrupted or lost, the odds of corrupting two backups were considered to be so low that it wasn’t even a possibility.

Against All Odds

As it turned out, those odds were considerable. Upon review, it became clear that the mirrored site was corrupted, and the backup, which hadn’t been updated with crucial software, wasn’t backing data up at all.

The entire system wasn’t working properly. Fortunately, the problem was discovered before any major damage was done, and the data was able to be recovered from disks.

However, the experience taught Neff that no system is foolproof and that making assumptions such as those made at Salomon Brothers can lead to very costly mistakes.

As Neff said, “Stability isn’t a given. You might think your organization’s systems are stable, but you have to test them constantly to be sure.”

The Best Plans Go Fallow

Neff’s story illustrates that even the best security and backup plans can fall apart because of any number of factors. In this case, it was because of factors that were out of his control.

It also highlights what many IT professionals feel in the current environment that is promoting cloud-based solutions. For many, these systems represent an enormous risk because they operate out of their direct control. Stories like Neff’s underscore this concern, and it is something that each IT professional will need to address in terms of his or her organization’s specific needs and requirements.

Plan for Every Error

The bottom line is this: whether an organization is using internal or cloud-based solutions, it is important to factor in everything from human error to mechanical failures. Though CIOs can take steps to prepare for any eventuality, the truth is that all bases never will be 100% covered.

Things can and do happen. It’s important to ensure that an organization’s IT policies are consistent, constant, and always evolving. While not full proof, it is the best way to ensure that an organization doesn’t make the same mistakes that others have made.