Possibility is high that an organization might be unable to gain access to its data or to its cloud services on a short notice peradventure due to failure, acquisition, and discontinuity of a service or change in business models at any time.
To manage this risk, the organization can do the following.
- For possible event of service changes, contractually demand for a specified minimum period of prior notice.
- Confirm the availability of alternative service options that can be used on needs.
- Keep an updated internal copy of the data for emergency use
Due to possible cost changes to cloud services over time, the essence of cloud adoption might become jeopardized.
To address this, the organization should do the following:
- Ensure that the service contract contains information regarding the service costs and potential changes.
- Assess the cost/benefit/risk trade-offs of the relationship during each contract renewal.
Malicious activity risks
The fact that the cloud service providers operate in the open internet makes their cloud environments and services rich targets for attacks through their website portals.
This challenge is further aggravated by the web support and administration tools made available to the customers as mostly defined in a normal business model through the web portal, making these tools more vulnerable to attacks as they can be accessed by attackers.
To manage this risk, the organization can do the following:
- Ascertain that the service provider adheres to recommended security best practices in the development of its web application, including code reviews and appropriate application security fundamentals at each level of its cloud infrastructure.
- Ascertain that appropriate vulnerability and penetration tests are conducted on a regular basis and any issues identified are addressed promptly by the cloud provider.
- Ensure that proper auditing of these tests is conducted by the service provider to confirm that the tests are operationally effective.