A study in McKinsey Quarterly emphasizes the need for CIOs and vice-presidents of business to adopt a risk-based approach to balance the economic benefits of cloud computing with issues related to the risk of harm to data. In summary, the issues essentially boil down to the question of the protection of personal data and the risk of data being concentrated at a single point while today they are fragmented and scattered on both sides of the corporate network . In addition, there are issues of regulatory compliance such as those of the financial sector or the Privacy Act. Aggregating data in a single place, if insufficiently protected, could prove to be the Achilles' heel for the company. To cope with this, McKinsey has 4 themes: 1. Comparing deployment models highlights options. From private cloud to public cloud, private on premises, private off premises, public multi-tenants, dedicated or shared equipment, several options are available. 2. Data must be managed and protected. A strategy for data protection must be implemented according to the type of data (confidential business information, published intellectual property, legal information, regulated information and IT security related information) 3. A mixed-cloud strategy will strike the best balance of technology benefits and risk management. Clearly, each type of data has different and sometimes conflicting issues such as security and performance. For example, some non-confidential data require high availability requirements and high performance whereas confidential information will have high security requirements, but moderate availability needs. 4. A risk-management approach requires changes across several dimensions. Well beyond the needs of the IT department, cloud computing should be considered in conjunction with the department of Corporate Risk Management who should assess the risks with the vice-presidents of business. See complete original McKinsey article
top of page
bottom of page