The cloud and IT risks – silver lining, or storms ahead?

View this page in: Français

Top 10 issues to consider when thinking about the cloud and your organization

In today’s environment of cost containment, it’s no surprise that companies are turning to the cloud. With servers, applications and email, the cloud seems to have it all. Supporters say that it replaces the need for companies to maintain their own separate (and costly) IT infrastructure. Substantial savings, instant access and scalability can sound almost too good to be true. But, are we trading data security and integrity for cost savings?

Cloud computing brings opportunities to make businesses more efficient and reduce IT costs. Below are the points you should consider when thinking about the cloud in your organization.

1. Security, risk and privacy
In a cloud environment, organizations rely on providers for storage, business continuity and disaster recovery, and as a result don’t physically store all of their own data. It’s essential to understand the implications this has on data protection. What security measures are in place to protect data in the cloud? Is your data appropriately segregated from other cloud subscribers’ data?

2. Monitoring and reporting
Cloud computing requires a new mindset and new tools, however many organizations are still learning how to monitor and report on their stored data and functions performed in the cloud. Some commonly used techniques include regular compliance audits of cloud providers and defined procedures to handle incidents. What are your company’s procedures and what’s allowed for in your service agreement?

3. Vendor management
Understanding how and where providers deliver their services is key to effective control. For example, some cloud providers rely on other cloud services to deliver their offerings. Considerations such as repatriation add new dimensions – getting into the cloud is easy, but transitioning out can be challenging. Some cloud services cannot be moved back to traditional on–site delivery, and terminating a cloud service may require significant lead times to enable transition.

4. Standardization
An ongoing ‘tug of war’ may develop as providers try to standardize the service to maximize operating efficiencies and reduce costs, despite businesses requesting more tailored solutions. Is your organization’s current IT environment too complex for a cloud model to add value?

5. Continuity of service
A provider’s disaster recovery procedures should be integrated into your overall business continuity plans. These should include clear response times, service levels and remedies in the case of a sustained outage. Organizations must be prepared to independently assess a cloud provider’s ability to safeguard data residing in its systems and to vouch for the security of any data that is regulated for privacy and compliance. Also, how does this impact your approach to emerging and existing cyber security threats.

6. Compliance
A flexible and adaptable framework should be adopted to manage emerging governance and compliance issues. Cloud services are still evolving and it’s essential that you understand if your provider’s compliance models and controls meet your needs across multinational jurisdictions which don’t have standardized regulatory or compliance requirements. Additional compliance costs should also be factored into cloud operating costs.

7. Finance and accounting
It’s important to understand the financial, accounting and tax implications of migrating costs from CAPEX to OPEX. How does this impact the approach to budget planning around technology? Consider how cloud services are procured so that ‘shadow IT’ isn’t created as business functions procure cloud services.

8. Operational implications
The integration of internal and external (cloud) systems into a seamless business solution requires enhanced capabilities around enterprise architecture. It is essential that organizations understand the implications to internal functions, such as user support, reliability, scalability and business resumption planning.

9. The role of IT
The role of the CIO is evolving into one of a business partner who integrates a variety of services and provides IT solutions to the business. Over time, more resources will focus on business integration instead of the traditional IT capabilities around infrastructure, application development and maintenance.

10. Long term implications
An overall technology strategy roadmap which incorporates the role of cloud is a pragmatic start. Cloud computing is more than an opportunity to enhance your speed to market and increase competitiveness. Bring in your CIO to develop and evolve this overall cloud enabled technology roadmap.

Thought leadership

Embedding cyber security into the energy ecosystem: An integrated approach to assessing cyber threats and protecting your assets

In the energy industry, the evolution of technology itself is partly responsible for today’s elevated threat environment. Increasingly, industrial and process control systems communicate with each other and the devices they manage through TCP/ IP protocol, the lingua franca of the internet. In many cases, these systems were never intended to be exposed to the internet or even corporate IT systems; many haven’t been hardened against security threats.
For more cloud resources, including our latest thought leadership and publications, visit the PwC Management and Technology Consulting website at