Yesterday I was part of a Cloud Computing Forum in London (one of the pleasures was to re-encounter in person Euan Semple, who was one of the keynote speakers). I’m also in the process of creating an InformationSpan insight services Coverage Report on Cloud.
These two projects set me thinking about the risks associated with the various forms of Cloud. Of course, as an independent worker I use a variety of Cloud services in my work – it’s not quite the same as saying Web 2.0 but it’s not, for this purpose, so far different. There’s material about this in my recent BCS Consultancy Group presentation: something about the services we need, the gotchas to watch out for, and the balances of benefit and challenge.
So I mailed Mike Rasmussen of Corporate Integrity, one of the gurus of risk management, to ask if he had covered this in any specific way. To date, he hasn’t; though I hope he might turn his attention to it. But of course one of the points about Cloud is that the issues it raises have, in almost every case, been seen before in previous technology cycles. And there’s no point in asking about security or risk management in the Cloud if you don’t have an understanding of risk management in the things you already do (business, or IT, or both).
Coincidentally, Mike’s latest newsletter just hit my inbox and he heads it with a succinct quote which expresses the fundamental thing about risk: which is that in business (as of course in our personal lives) we accept risks all the time. Enterprise is the undertaking of risk for reward (Judge Mervyn King of South Africa).
Mike is starting a series on Developing a Risk Assessment & Management Process. For those who are concerned about risks of adopting Cloud technologies, I simply want to commend it to you.
• Everything I Need to Know About Risk Management I Learned In . . . (Corporate Integrity, 2 Mar 2010
• King Committee on Corporate Governance, South Africa, 2002
• Can Web 2.0 run your Business, ITasITis, 28 Jan 2010