Cloud Security 101: What is Risk Management in the Cloud?
Just like compliance in the cloud and security controls in the cloud, the way that an enterprise deals with risk in the cloud is much the same as it does with their on premise infrastructure, with the caveat that they must now also deal with a cloud provider in addition to their own risk standards.
Managing risk is critical – a company’s IT solutions often provide a significant avenue for risk – something that can adversely affect the company. Arguably, the greatest risk to any company is their employees, which are also their greatest asset.
Some larger companies have risk management programs, and the company’s cloud solution should be included as part of that program. Using compliance and security controls, the risk manager can work with the CISO and the CIO to determine the level of risk that a cloud solution can bring to a company. For example, a company that deals with very sensitive information may have legitimate concerns about how that information is stored and treated in a cloud environment. A risk manager will evaluate the security controls in the environment and determine if the risk of migrating that data to a cloud is greater than keeping the data on premise. It is critical for the CISO / CIO to assist the risk manager in making correct and informed decisions.
Read the entire article here, Cloud Security 101: What is Risk Management in the Cloud?
via the fine folks at HP Enterprise.