FeaturesSecurity ComplianceStrategy

The concept of cloud computing brings a variety of inherent risks such as data security, data privacy, data loss, responsibility gap, business continuity, level of support, regulatory complications, hidden costs, and scalability.

While the major inherent cloud computing risks on access security, data confidentiality, legal and regulatory compliance are typically addressed, some other risks remain less visible to the community.

In this first part of an interview with Asia Cloud Forum (read Part II here), Peter Koo (pictured), partner of Deloitte China enterprise risk services names the risks that "remain less visible to the community," and the potential problems that can occur as a result. Koo will also discuss the different concerns that businesses have about cloud computing today, and whether organizations in Hong Kong, Mainland China and Singapore approach cloud computing-associated risks differently.

Peter Koo: Data security and privacy are especially the major concerns for businesses that deal with critical process and sensitive data in their daily operations. They include those from the financial services industry (FSI), government agencies and healthcare bodies, as they are regulated where industrial compliance is required.

The public and healthcare sectors are more concerned about data privacy, especially in a public cloud environment, where sensitive data, such as, personal information and medical records are being stored or transferred. It is important that authentication and authorization have been properly defined and structured to prevent unauthorized access. Imagine the serious consequence of leaking a medical record of a politician or celebrity to the public and it is easy to understand why both data encryption and Identity Access Management (IAM) are essential elements for a secure cloud environment. 

For the manufacturing sector, companies will focus more on system integration and customization of the cloud solution. Because of high technological requirement, integrating a system with sophisticated manufacturing processes for cloud solution is not an easy task.

Vendor lock-in is another high-risk area that needs to be addressed, as currently the interoperability among different cloud platforms has not yet been available. This would impose difficulties for establishing the initial communication channels among different cloud applications. Also, there will be no guarantee on data integrity when changing the cloud service provider.

Koo: Yes, Hong Kong, the Chinese Mainland and Singapore adopt different approaches in enterprise risk management (ERM).

As a global financial center and logistic powerhouse, Hong Kong is regarded as one of the best free-trading markets in the world. Despite endless opportunities demonstrated by this reputed free market structure, a number of financial crises have exposed the vulnerability of Hong Kong's economy in response to macro-economic changes.

In Hong Kong, business is typically regulatory driven where motive and effort around ERM is mainly for satisfying relevant standards and regulatory requirements. Generally, companies are unlikely to invest in ERM proactively. Often, they wait and see if the technology is mature enough before considering making the investment. 

On the Chinese Mainland, it is mainly the local provincial or city governments that are driving the agenda in terms of the strategic positioning and development of the city. The provincial cities, especially those far away from the major cities are less likely to be impacted by the macro-economic environment. This is evident during the global economic downturn when the country was still able to boost domestic consumption to support China's robust economic growth.

Singapore is well-known for its stringent regulations and compliance requirements. That has translated into higher levels of awareness in cloud computing, and thus relatively more approaches for promoting and adopting the technology. The Singapore government has already established a Central G-Cloud program aiming at establishing a G-Cloud connecting all government resources by 2015. The National Grid Office (NGO) and Infocomm Development Authority (IDA) have worked together to increase the awareness, and promote the adoption of cloud computing in Singapore through publishing and calling for proposals. 

In addition, the adoption of the technology is driven by IT giants, such as Microsoft, IBM and Hewlett-Packard that have picked Singapore as the hubs for their regional cloud computing initiatives, Singapore's cloud computing sector is experiencing tremendous growth.

Koo: Many studies found that security and privacy issues are the top concerns when companies consider transferring their data to the cloud environment. The associated security risks and the reliability of cloud computing [solutions] are constantly quoted and discussed.