Decisions about implementing cloud solutions are often stalled by concerns over security issues. Microsoft's Cloud Risk Decision Framework provides a structured way to assess the risks and benefits of cloud solutions and choose the right combination of technologies for your business.
Cloud gap picture from Shutterstock
Managing risk is now a key focus for enterprise. Microsoft's 2013 Insights Quarterly survey of more than 200 Australian CIOs found that 85 per cent ranked risk management as a high priority. The Cloud Risk Decision Framework provides the tools to make risk management achievable without stress.
Risk management is an essential element of any cloud technology planning exercise. The international standard ISO 31000 provides a detailed framework for assessing risk, but trying to actually implement a plan based purely on an ISO standards document is a daunting task.
The Cloud Risk Decision Framework provides a structured, step-by-step methodology that lets you assess risk in a realistic way and helps guide technology decisions. "We've been able to provide customers with a framework to assess the cloud opportunity in a way that is informed by these principles and processes, and that puts them in a good place to make a really solid decision," said Microsoft Australia chief technology officer Greg Stone.
How To Balance Risk
It's important to recognise that risk management doesn't mean eliminating risks; it means quantifying them and balancing them against business benefits. "The security team are incentivised to expunge risks 100 per cent. It's up to the business to say 'no, this is the right risk level'," Stone said.
The risk assessment process involves identifying the issues involved with current processes, and comparing those with cloud alternatives. For instance, internally hosted mail has its own risk factors associated with patching and management. Using an external provider could actually reduce those risks. Using a systematic approach ensures those opportunities are identified and properly assessed.
"The framework is not only great for making the decision, it's also great for communicating the decision and sharing it. The summary dashboard is something a non-technical person such as a board member can discuss with you," Stone said. Indeed, the tool has proven so popular with some Microsoft clients that it is also being applied outside cloud projects. "We are seeing customers identify the risk framework as a tool that extends beyond the cloud opportunity and beyond cloud."
"It's an incredibly valuable tool. You can defend your decision making by showing how you recognised risks and how you chose the trade-offs," Stone said. That's critical because one of the reasons people don't want to make career decisions on cloud is they feel it might be compromising. This enables a much more collegial way of making the decision and leads to broader agreement."